diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json
index d7af24d..4ec14c1 100644
--- a/docs/security/agent/grype-25.10.1.json
+++ b/docs/security/agent/grype-25.10.1.json
@@ -25,8 +25,8 @@
 {
 "cve": "CVE-2024-56433",
 "epss": 0.05074,
- "percentile": 0.89507,
- "date": "2026-01-26"
+ "percentile": 0.89581,
+ "date": "2026-02-02"
 }
 ],
 "cwes": [
@@ -88,8 +88,8 @@
 {
 "cve": "CVE-2024-56433",
 "epss": 0.05074,
- "percentile": 0.89507,
- "date": "2026-01-26"
+ "percentile": 0.89581,
+ "date": "2026-02-02"
 }
 ],
 "cwes": [
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
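Review bot: The new CVE-2025-15467 entry added in the hunk at `@@ -1115,86 +1183,105 @@` is the only finding in the visible hunks with `"state": "fixed"`, yet its `"risk": 0.33475499999999997` puts it below the Low-severity curl entries (`0.974625`) and the `wont-fix` OpenLDAP entry, so a reader who triages by list position reaches the one actionable item last. The record pairs Red Hat severity High and a 9.8 base score with fix version `1:3.5.1-7.el9_7` (RHSA-2026:1473), while the next hunk shows the scanned artifact at openssl `1:3.2.2-6.el9_5.1` on distro version 9.6. This commit only refreshes the snapshot, so I would name the pending openssl update in the commit description and track it separately. Whether the agent parses untrusted CMS or PKCS#7 content, which is the condition the advisory text names, cannot be determined from this file.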
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12132,7 +17219,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12244,6 +17331,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12304,92 +17394,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index e7e19f8..7cd3ae2 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
+| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
+| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low |
-| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
-| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
 | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
 | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low |
+| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low |
 | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low |
-| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
-| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low |
 | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low |
+| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low |
+| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low |
 | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
 | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown |
diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json
index 6a165e8..eb6866b 100644
--- a/docs/security/agent/grype-25.10.10.json
+++ b/docs/security/agent/grype-25.10.10.json
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,111 +3977,235 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +4213,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,108 +4244,129 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + 
"https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +4374,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,29 +4405,40 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", 
@@ -3900,10 +4454,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3911,26 +4473,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { 
@@ -3943,17 +4502,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +4528,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +4556,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,20 +4573,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4038,10 +4594,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4049,22 +4613,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4081,17 +4644,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +4670,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -4130,22 +4701,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,39 +4715,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4195,23 +4755,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,18 +4784,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4250,21 +4810,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4278,13 +4838,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +4855,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,23 +4895,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,18 +4924,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4390,21 +4950,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,23 +4978,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", 
@@ -4446,12 +5006,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4467,47 +5122,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4515,17 +5187,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4533,7 +5205,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +5213,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4569,44 +5244,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4622,47 +5282,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +5347,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +5373,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,100 +5404,113 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4825,17 +5518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4851,21 +5544,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4879,85 +5575,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4965,17 +5678,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4991,22 +5704,25 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", - "type": "rpm", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", 
@@ -5019,67 +5735,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5087,25 +5803,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5116,25 +5834,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +5860,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5170,29 +5888,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5202,39 +5905,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5242,28 +5937,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5271,18 +5969,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5297,21 +5987,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5325,27 +6015,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5357,39 +6043,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5397,54 +6075,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5452,21 +6125,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5483,11 +6156,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5497,37 +6181,37 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -5537,45 +6221,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } @@ -5592,21 +6276,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -5620,13 +6304,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5637,39 +6321,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5677,22 +6361,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5709,25 +6390,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5735,21 +6416,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5763,25 +6444,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5791,39 +6461,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5831,22 +6501,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5863,18 +6530,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5889,21 +6556,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5917,23 +6584,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5945,105 +6612,86 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": 
"2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6051,7 +6699,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6059,24 +6707,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6090,14 +6735,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6107,38 +6767,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -6147,60 +6807,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6208,7 +6854,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6216,21 +6862,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6244,14 +6890,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6261,108 +6922,101 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 
0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6372,7 +7026,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6380,21 +7034,24 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6408,14 +7065,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6425,134 +7093,4368 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013649999999999999 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.10" + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. 
Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in 
the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { 
+ "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + 
"upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": 
"openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": 
"openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": 
"", - "licenses": [], + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. 
Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the 
memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + 
"vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6560,28 +11462,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6589,18 +11507,24 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -6615,21 +11539,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6643,13 +11567,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6660,139 +11584,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6800,24 +11680,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6831,14 +11708,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6848,37 +11730,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6888,45 +11770,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6935,7 +11818,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6943,21 +11826,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6974,11 +11857,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6988,20 +11876,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7009,23 +11897,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7034,53 +11916,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7088,7 +11964,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7096,21 +11972,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7124,14 +12000,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7141,107 +12022,158 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.10" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -7257,44 +12189,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -7311,23 +12255,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7343,21 +12281,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7371,117 +12312,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7489,7 +12434,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7497,21 +12442,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7525,53 +12473,64 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7582,44 +12541,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7629,7 +12602,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7637,21 +12610,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7665,19 +12638,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7687,38 +12655,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7727,46 +12695,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7774,7 +12755,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7782,21 +12763,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7810,19 +12791,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7832,39 +12808,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7872,47 +12854,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7927,21 +12929,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7955,17 +12957,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7977,20 +12985,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7998,65 +13006,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8064,7 +13096,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8072,21 +13104,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8103,16 +13135,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8122,87 +13149,114 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8218,21 +13272,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8246,104 +13303,131 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8359,21 +13443,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8387,66 +13474,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8455,47 +13542,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8503,7 +13603,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8511,21 +13611,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -8539,29 +13639,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8571,87 +13656,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8659,7 +13761,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8667,21 +13769,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8695,52 +13800,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -8748,93 +13838,83 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00874 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8842,7 +13922,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
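Review bot: The `fix` object this hunk adds for CVE-2025-68160 records `"state": "fixed"` with `"1:3.5.1-7.el9_7"` and RHSA-2026:1473, while the matched `openssl` and `openssl-libs` artifacts in the neighbouring hunks are still at `1:3.5.1-4.el9_7`, so the committed report documents a finding that a package update would close. Because this file is scanner output, the remedy is not an edit here: rebuild the image on a base that carries the erratum and regenerate the report, or record alongside it why the update is deferred. The same refresh also lists CVE-2026-24882 against `gnupg2` with `"severity": "High"` and `"state": "not-fixed"`. Its description confines the flaw to `tpm2daemon`, so a short triage note on whether that component is present and reachable in the image would help readers weigh the entry.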
@@ -8850,21 +13930,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8878,37 +13961,48 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions 
and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8916,17 +14010,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8935,51 +14029,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": 
"CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8995,21 +14097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -9023,56 +14125,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9080,59 +14182,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9140,21 +14237,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9168,66 +14265,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in GnuPG. 
A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9236,52 +14322,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9289,7 +14369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9297,21 +14377,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9328,22 +14408,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9353,39 +14422,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -9393,61 +14462,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9462,21 +14517,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9490,13 +14545,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9507,20 +14562,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9528,18 +14583,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9547,41 +14602,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9589,18 +14635,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9615,21 +14661,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9643,13 +14689,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9660,43 +14706,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -9706,65 +14746,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -9781,21 +14802,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -9809,23 +14830,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", 
@@ -9837,118 +14858,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9956,21 +14954,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9984,14 +14982,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10001,38 +15010,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10041,60 +15050,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10110,21 +15118,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10138,13 +15146,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10155,99 +15163,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10263,21 +15273,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10291,89 +15304,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10388,21 +15431,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10416,48 +15462,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10465,58 +15511,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10524,21 +15603,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10552,127 +15634,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10680,7 +15756,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10688,21 +15764,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10716,46 +15795,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10769,37 +15859,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10816,21 +15902,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10844,13 +15930,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11077,7 +16163,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11189,6 +16275,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11249,92 +16338,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index ad77e9c..e73c62d 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md 
@@ -5,51 +5,68 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | 
[CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | 
[CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -57,24 +74,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | 
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.11.json b/docs/security/agent/grype-25.10.11.json index 8c46ee9..902e4f9 100644 --- a/docs/security/agent/grype-25.10.11.json +++ b/docs/security/agent/grype-25.10.11.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,111 +3977,235 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.11" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +4213,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,108 +4244,129 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + 
"https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +4374,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,29 +4405,40 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", 
@@ -3900,10 +4454,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3911,26 +4473,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { 
@@ -3943,17 +4502,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +4528,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +4556,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,20 +4573,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4038,10 +4594,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4049,22 +4613,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4081,17 +4644,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +4670,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -4130,22 +4701,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,39 +4715,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4195,23 +4755,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,18 +4784,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4250,21 +4810,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4278,13 +4838,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +4855,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,23 +4895,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,18 +4924,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4390,21 +4950,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,23 +4978,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", 
@@ -4446,12 +5006,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.11" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4467,47 +5122,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4515,17 +5187,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4533,7 +5205,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +5213,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4569,44 +5244,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4622,47 +5282,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +5347,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +5373,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,100 +5404,113 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4825,17 +5518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4851,21 +5544,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4879,85 +5575,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4965,17 +5678,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4991,22 +5704,25 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", - "type": "rpm", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", 
@@ -5019,67 +5735,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5087,25 +5803,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5116,25 +5834,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +5860,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5170,29 +5888,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5202,39 +5905,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5242,28 +5937,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5271,18 +5969,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5297,21 +5987,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5325,27 +6015,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5357,39 +6043,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5397,54 +6075,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5452,21 +6125,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5483,11 +6156,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5497,37 +6181,37 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -5537,45 +6221,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } @@ -5592,21 +6276,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -5620,13 +6304,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5637,39 +6321,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5677,22 +6361,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5709,25 +6390,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5735,21 +6416,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5763,25 +6444,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5791,39 +6461,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5831,22 +6501,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5863,18 +6530,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5889,21 +6556,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5917,23 +6584,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5945,105 +6612,86 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": 
"2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6051,7 +6699,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6059,24 +6707,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6090,14 +6735,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6107,38 +6767,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -6147,60 +6807,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6208,7 +6854,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6216,21 +6862,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6244,14 +6890,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6261,108 +6922,101 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 
0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6372,7 +7026,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6380,21 +7034,24 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6408,14 +7065,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6425,134 +7093,4368 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013649999999999999 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.11" + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. 
Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in 
the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { 
+ "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + 
"upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": 
"openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": 
"openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": 
"", - "licenses": [], + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. 
Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the 
memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + 
"vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6560,28 +11462,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6589,18 +11507,24 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -6615,21 +11539,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6643,13 +11567,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6660,139 +11584,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6800,24 +11680,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6831,14 +11708,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6848,37 +11730,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6888,45 +11770,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6935,7 +11818,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6943,21 +11826,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6974,11 +11857,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6988,20 +11876,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7009,23 +11897,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7034,53 +11916,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7088,7 +11964,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7096,21 +11972,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7124,14 +12000,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7141,107 +12022,158 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.11" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -7257,44 +12189,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -7311,23 +12255,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7343,21 +12281,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7371,117 +12312,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7489,7 +12434,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7497,21 +12442,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7525,53 +12473,64 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7582,44 +12541,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7629,7 +12602,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7637,21 +12610,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7665,19 +12638,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7687,38 +12655,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7727,46 +12695,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7774,7 +12755,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7782,21 +12763,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7810,19 +12791,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7832,39 +12808,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7872,47 +12854,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7927,21 +12929,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7955,17 +12957,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7977,20 +12985,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7998,65 +13006,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8064,7 +13096,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8072,21 +13104,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8103,16 +13135,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8122,87 +13149,114 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8218,21 +13272,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8246,104 +13303,131 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8359,21 +13443,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8387,66 +13474,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8455,47 +13542,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8503,7 +13603,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8511,21 +13611,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -8539,29 +13639,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8571,87 +13656,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8659,7 +13761,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8667,21 +13769,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8695,52 +13800,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -8748,93 +13838,83 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00874 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8842,7 +13922,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8850,21 +13930,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8878,37 +13961,48 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions 
and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8916,17 +14010,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8935,51 +14029,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": 
"CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8995,21 +14097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -9023,56 +14125,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9080,59 +14182,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9140,21 +14237,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9168,66 +14265,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in GnuPG. 
A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9236,52 +14322,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9289,7 +14369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9297,21 +14377,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9328,22 +14408,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9353,39 +14422,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -9393,61 +14462,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9462,21 +14517,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9490,13 +14545,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9507,20 +14562,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9528,18 +14583,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9547,41 +14602,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9589,18 +14635,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9615,21 +14661,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9643,13 +14689,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9660,43 +14706,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -9706,65 +14746,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -9781,21 +14802,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -9809,23 +14830,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", 
@@ -9837,118 +14858,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9956,21 +14954,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9984,14 +14982,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10001,38 +15010,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10041,60 +15050,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10110,21 +15118,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10138,13 +15146,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10155,99 +15163,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10263,21 +15273,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10291,89 +15304,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10388,21 +15431,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10416,48 +15462,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10465,58 +15511,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10524,21 +15603,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10552,127 +15634,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10680,7 +15756,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10688,21 +15764,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10716,46 +15795,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10769,37 +15859,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10816,21 +15902,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10844,13 +15930,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11077,7 +16163,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11189,6 +16275,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11249,92 +16338,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.11.md b/docs/security/agent/grype-25.10.11.md index 3c1df0b..ae95064 100644 --- a/docs/security/agent/grype-25.10.11.md +++ b/docs/security/agent/grype-25.10.11.md 
@@ -5,51 +5,68 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | 
[CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | 
[CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -57,24 +74,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
+| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
+| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low |
-| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
-| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low |
+| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low |
 | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low |
-| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
-| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low |
 | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low |
+| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low |
+| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low |
 | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
 | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown |
diff --git a/docs/security/agent/grype-25.10.12.json b/docs/security/agent/grype-25.10.12.json
index 2b9d50f..d7dc743 100644
--- a/docs/security/agent/grype-25.10.12.json
+++ b/docs/security/agent/grype-25.10.12.json
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
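Review bot: The CVE-2025-15467 record added in the `@@ -951,86 +1019,105 @@` hunk has `"state": "fixed"` and the match details give `"suggestedVersion": "1:3.5.1-7.el9_7"`, while the scanned artifact is still `openssl` `1:3.5.1-4.el9_7`, so this refresh records a finding that a package update would close rather than one waiting on a vendor fix. The same record repeats for `openssl-libs` in the next hunk (`@@ -1074,127 +1164,266 @@`). Its `risk` of 0.33475499999999997 is below that of CVE-2024-7264 (0.40504, `not-fixed`), and the entries appear to be ordered by that value, presumably because the EPSS figure is still low, so a top-down read of the report under-weights an issue with a 9.8 base score. I would rebuild the image with the packages from RHSA-2026:1473 and regenerate this file in the same change. Whether the agent ever parses untrusted CMS or PKCS#7 content, which the advisory text names as the exposure condition, is not visible from the report.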
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
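Review bot: The new `CVE-2026-24881` finding for `gnupg2` `2.3.3-4.el9` is rated High (CVSS 8.1) with `"state": "not-fixed"`, yet its `"risk": 0.06552` is lower than the Low-severity `CVE-2025-3360` entry at `0.13132`, so triage that follows the risk ordering will pass over it. The match is recorded with `"versionConstraint": "none (unknown)"`, so the report alone does not establish that this build contains the affected gpg-agent code path; that needs checking against the Red Hat page given in `dataSource`. I would record the triage outcome next to this report: either drop gnupg2 from the agent image if nothing needs it at runtime, or write down why the finding is accepted. The finding itself starts in the preceding hunk (`@@ -2526,50 +2686,38 @@`); this hunk carries its related-vulnerability record, match details and artifact.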
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,111 +3977,235 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.12" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +4213,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,108 +4244,129 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + 
"https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +4374,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,29 +4405,40 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", 
@@ -3900,10 +4454,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3911,26 +4473,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { 
@@ -3943,17 +4502,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +4528,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +4556,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,20 +4573,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4038,10 +4594,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4049,22 +4613,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4081,17 +4644,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +4670,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -4130,22 +4701,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,39 +4715,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4195,23 +4755,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,18 +4784,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4250,21 +4810,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4278,13 +4838,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +4855,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,23 +4895,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,18 +4924,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4390,21 +4950,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,23 +4978,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", 
@@ -4446,12 +5006,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.12" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
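Review bot: The new CVE-2025-29477 entry is a `cpe-match` with `"versionConstraint": "none (unknown)"` against the wildcard CPE `cpe:2.3:a:treasuredata:fluent_bit:*`, so the match does not establish that the shipped binary is affected. The artifact version `25.10.12` looks like the agent's own release number rather than an upstream fluent-bit version, while the advisory text names `v.3.7.2`, so the scanner has nothing comparable to check. Because `fix.state` is empty, this entry will reappear on every rescan until it is triaged. I would record which upstream fluent-bit version `/fluent-bit/bin/fluent-bit` is built from and keep a written triage decision (affected or not affected, with the reason) next to the report rather than committing the raw match alone.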
@@ -4467,47 +5122,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4515,17 +5187,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4533,7 +5205,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +5213,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
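Review bot: The report now lists a finding whose fix is already available: the installed `openssl` is `1:3.5.1-4.el9_7`, while this match records `"suggestedVersion": "1:3.5.1-7.el9_7"`, and the preceding hunk cites RHSA-2026:1473 with a first-observed date of 2026-01-28. The same gap shows on the `openssl-libs` artifact and on the CVE-2025-15468 entries in the later hunks. Rebuilding the image against current RHEL 9.7 packages and rescanning before committing would keep the published report from listing fixable vulnerabilities. If the rebuild is deliberately deferred, the commit message should say so and name the release that will pick up the update.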
@@ -4569,44 +5244,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4622,47 +5282,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +5347,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +5373,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,100 +5404,113 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4825,17 +5518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4851,21 +5544,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4879,85 +5575,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4965,17 +5678,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4991,22 +5704,25 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", - "type": "rpm", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", 
@@ -5019,67 +5735,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5087,25 +5803,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5116,25 +5834,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +5860,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5170,29 +5888,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5202,39 +5905,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5242,28 +5937,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5271,18 +5969,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5297,21 +5987,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5325,27 +6015,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5357,39 +6043,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5397,54 +6075,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5452,21 +6125,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5483,11 +6156,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5497,37 +6181,37 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -5537,45 +6221,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } @@ -5592,21 +6276,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -5620,13 +6304,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5637,39 +6321,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5677,22 +6361,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5709,25 +6390,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5735,21 +6416,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5763,25 +6444,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5791,39 +6461,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5831,22 +6501,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5863,18 +6530,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5889,21 +6556,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5917,23 +6584,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5945,105 +6612,86 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": 
"2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6051,7 +6699,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6059,24 +6707,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6090,14 +6735,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6107,38 +6767,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -6147,60 +6807,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6208,7 +6854,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6216,21 +6862,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6244,14 +6890,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6261,108 +6922,101 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 
0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6372,7 +7026,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6380,21 +7034,24 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6408,14 +7065,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6425,134 +7093,4368 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013649999999999999 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.12" + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. 
Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in 
the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { 
+ "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + 
"upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": 
"openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": 
"openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": 
"", - "licenses": [], + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. 
Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the 
memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + 
"vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6560,28 +11462,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6589,18 +11507,24 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -6615,21 +11539,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6643,13 +11567,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6660,139 +11584,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6800,24 +11680,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6831,14 +11708,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6848,37 +11730,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6888,45 +11770,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6935,7 +11818,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6943,21 +11826,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6974,11 +11857,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6988,20 +11876,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7009,23 +11897,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7034,53 +11916,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7088,7 +11964,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7096,21 +11972,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7124,14 +12000,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7141,107 +12022,158 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.12" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -7257,44 +12189,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -7311,23 +12255,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7343,21 +12281,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7371,117 +12312,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7489,7 +12434,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7497,21 +12442,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7525,53 +12473,64 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7582,44 +12541,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7629,7 +12602,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7637,21 +12610,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7665,19 +12638,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7687,38 +12655,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7727,46 +12695,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7774,7 +12755,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7782,21 +12763,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7810,19 +12791,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7832,39 +12808,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7872,47 +12854,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7927,21 +12929,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7955,17 +12957,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7977,20 +12985,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7998,65 +13006,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8064,7 +13096,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8072,21 +13104,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8103,16 +13135,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8122,87 +13149,114 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8218,21 +13272,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8246,104 +13303,131 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8359,21 +13443,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8387,66 +13474,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8455,47 +13542,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8503,7 +13603,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8511,21 +13611,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -8539,29 +13639,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8571,87 +13656,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8659,7 +13761,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8667,21 +13769,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8695,52 +13800,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -8748,93 +13838,83 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00874 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8842,7 +13922,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8850,21 +13930,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8878,37 +13961,48 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions 
and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8916,17 +14010,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8935,51 +14029,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": 
"CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8995,21 +14097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -9023,56 +14125,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9080,59 +14182,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9140,21 +14237,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9168,66 +14265,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in GnuPG. 
A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9236,52 +14322,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9289,7 +14369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9297,21 +14377,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9328,22 +14408,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9353,39 +14422,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -9393,61 +14462,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9462,21 +14517,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9490,13 +14545,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9507,20 +14562,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9528,18 +14583,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9547,41 +14602,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9589,18 +14635,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9615,21 +14661,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9643,13 +14689,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9660,43 +14706,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -9706,65 +14746,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -9781,21 +14802,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -9809,23 +14830,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", 
@@ -9837,118 +14858,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9956,21 +14954,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9984,14 +14982,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10001,38 +15010,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10041,60 +15050,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10110,21 +15118,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10138,13 +15146,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10155,99 +15163,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10263,21 +15273,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10291,89 +15304,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10388,21 +15431,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10416,48 +15462,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10465,58 +15511,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10524,21 +15603,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10552,127 +15634,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10680,7 +15756,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10688,21 +15764,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10716,46 +15795,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10769,37 +15859,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10816,21 +15902,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10844,13 +15930,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11077,7 +16163,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11189,6 +16275,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11249,92 +16338,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.12.md b/docs/security/agent/grype-25.10.12.md index 8a9c22a..2cd9883 100644 --- a/docs/security/agent/grype-25.10.12.md +++ b/docs/security/agent/grype-25.10.12.md 
@@ -5,51 +5,68 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | 
[CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | 
[CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -57,24 +74,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | 
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 41099a8..befc911 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
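Review bot: The CVE-2025-15467 record added in the `@@ -1115,86 +1183,105 @@` hunk is the only finding in this part of the report with `"state": "fixed"` (`fix.versions` lists `1:3.5.1-7.el9_7`, advisory RHSA-2026:1473), yet the matched package in the following hunk is still `openssl` at `1:3.2.2-6.el9_5.1`, and this commit only refreshes the report. Its `risk` of 0.33475499999999997 is lower than the 0.974625 given to the Low-severity curl HSTS entry, although the NVD record rates it Critical with base score 9.8. Triage that sorts on `risk` alone will therefore rank it too low, so it should be read together with `severity` and `fix.state`. The fixed build carries an `el9_7` tag while the scanned distro is 9.6, so presumably the image needs a base update rather than a single package bump, which is worth confirming before closing this out. The same finding is repeated for `openssl-libs` in the `@@ -1238,127 +1328,266 @@` hunk.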
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index 6e2d5b5..0759c78 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 0c1c039..a257ad7 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index d93c590..2f3d7bb 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index a8ea87b..fa7279e 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
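Review bot: The new CVE-2025-15467 entry for `openssl` `1:3.2.2-6.el9_5.1` is the one finding in this refresh that is actionable, yet the commit only records it: it has `"state": "fixed"`, `"suggestedVersion": "1:3.5.1-7.el9_7"` and advisory `RHSA-2026:1473`, while the neighbouring entries are `not-fixed` or `wont-fix`. Its `"risk": 0.33475499999999997` is lower than the `0.974625` given to the Low-severity CVE-2024-9681 curl entries, apparently because the score leans on EPSS, so a risk-sorted triage would rank a Red Hat High / NVD Critical stack overflow below an HSTS cache-expiry bug. The report refresh should be paired with a base-image or package update to at least `1:3.5.1-7.el9_7` and a regenerated scan, or with a recorded exception saying whether the agent parses untrusted CMS/PKCS#7 content. The same finding repeats for `openssl-libs` in the following hunk, which runs past the end of this view.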
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
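Review bot: CVE-2025-66199 moves from `not-fixed` to `fixed` in the `@@ -4663,47 +5286,64 @@` hunk (`1:3.5.1-7.el9_7`, RHSA-2026:1473), but the scanned image still carries `openssl` `1:3.2.2-6.el9_5.1`, so the refreshed report now documents an open finding with an available fix and the commit shows no matching image update. The fixed build has an `el9_7` release tag while the scan's distro is 9.6, so it probably needs a newer base image rather than an in-place package update; that is inferred from the version strings only. The NVD text in the same entry lists OpenSSL 3.3 to 3.6 as vulnerable and does not mention 3.2, so whether the shipped 3.2.2 build is actually exposed should be checked against the Red Hat advisory before the finding is prioritised. The same applies to the `openssl-libs` entry in the `@@ -4814,47 +5446,64 @@` hunk.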
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index 1dc9eb2..011fc3c 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index 04f544d..3b1863f 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
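Review bot: The refreshed report adds CVE-2025-15467 against `openssl` `1:3.2.2-6.el9_5.1` with `"state": "fixed"` and `"suggestedVersion": "1:3.5.1-7.el9_7"` (RHSA-2026:1473), so unlike the `not-fixed` entries around it this finding is actionable, and the commit only records it. The suggested build carries an `el9_7` tag while the scan's distro is `9.6`, so the remediation is presumably a base-image rebuild rather than an in-place package update; confirm this against the erratum. The computed `"risk": 0.33475499999999997` ranks this entry below the Low-severity CVE-2024-9681 entries (`0.974625`), even though Red Hat rates it High and the NVD record rates it Critical, so triage should sort or filter on `fix.state` and severity as well as `risk`. The same finding repeats for `openssl-libs` in the next hunk.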
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
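Review bot: The new CVE-2025-29477 entry for `/fluent-bit/bin/fluent-bit` is a `cpe-match` with `"versionConstraint": "none (unknown)"` against the wildcard CPE `cpe:2.3:a:treasuredata:fluent_bit:*`, so it would match any version and does not show that this binary is affected. The recorded package version `25.10.4` does not look like an upstream fluent-bit release number (the description names v.3.7.2) and differs from the 25.10.1 in the report's file name, which suggests the scanner is comparing the agent's own version string; that should be confirmed against the build. With `fix.state` empty and `relatedVulnerabilities` empty there is no remediation to follow. The finding needs a triage decision recorded alongside the report, for example a VEX statement or a scanner ignore rule with a written justification, rather than being carried forward unchanged on every rescan.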
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
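Review bot: This match now carries `"suggestedVersion": "1:3.5.1-7.el9_7"` while the image still ships `openssl` `1:3.2.2-6.el9_5.1` on a 9.6 distro, so the report records a finding with an available fix (RHSA-2026:1473 in the preceding hunk) that the commit itself does not act on. The `openssl-libs` match in the later hunk is in the same state. The upstream advisory text quoted in the report lists 3.6, 3.5, 3.4 and 3.3 as vulnerable and 3.0 as unaffected but does not mention 3.2, so whether the 3.2.2 build is really affected cannot be told from the rpm version constraint alone and should be checked against the Red Hat advisory. Either rebuild on a base image that carries the fixed package, or record why the finding does not apply.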
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
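Review bot: The refreshed entry for CVE-2025-9086 in the `@@ -6595,24 +7198,24 @@` hunk records `"suggestedVersion": "0:7.76.1-35.el9_7.3"` (advisory RHSA-2026:1350 in the preceding hunk), while the scanned `curl-minimal` artifact is still `7.76.1-31.el9_6.1`, so the commit documents a fixable finding without picking up the fix. The same holds for `libcurl-minimal` in the `@@ -6757,25 +7369,25 @@` hunk, and for `systemd-libs` `252-51.el9_6.2` against `0:252-55.el9_7.7` (CVE-2025-4598, RHSA-2025:22660) in the `@@ -6934,24 +7552,24 @@` hunk. The fixed builds carry `el9_7` tags while `searchedBy` reports distro version `9.6`, so clearing them presumably needs a base-image move rather than a package update within 9.6; confirm this against the image build. The file is scanner output and should not be hand-edited: rebuild the image and regenerate the report, or state in the commit description that the rebuild is deferred. The glibc CVE-2025-15281 entries added earlier in this diff are `"state": "not-fixed"`, so they need tracking rather than an update.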
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index 81b3e1e..69a7af6 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index fece2fc..9832a56 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
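Review bot: The new CVE-2025-15467 entry is the one finding in this refresh that can be acted on, and the stored report gives no sign that it has been. It is recorded with `"state": "fixed"`, fix version `1:3.5.1-7.el9_7` and advisory RHSA-2026:1473, while the matched `openssl` artifact in the next hunk (`@@ -1210,21 +1297,24 @@`) is still `1:3.2.2-6.el9_5.1`. As far as the visible hunks show, the commit only updates the report, so the package update or image rebuild that clears this finding should be tracked with it. The fixed build carries an `el9_7` tag while the scan reports distro version `9.6`, so this presumably means moving to a newer base image. Triage should also not sort on `risk` alone: this entry scores `0.33475499999999997`, below the `not-fixed` curl HSTS finding at `0.974625`, although Red Hat rates it High and the NVD record rates it Critical with a 9.8 base score.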
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 591ef0c..db37581 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 7a499d0..f95415c 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
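Review bot: The CVE-2025-15467 entry added in this hunk carries `"state": "fixed"`, but the commit only records it: the scanned `openssl` artifact is still `1:3.2.2-6.el9_5.1`, while the entry gives `"suggestedVersion": "1:3.5.1-7.el9_7"` and advisory RHSA-2026:1473. Red Hat rates it High and the NVD record rates it Critical (base score 9.8), yet its `"risk": 0.33475499999999997` is below the 0.974625 of the Low-severity curl entries earlier in the file, so triage by the risk value alone would rank it under them. The report refresh should be paired with an image rebuild that picks up the fixed package, or with a recorded justification if the agent never parses untrusted CMS or PKCS#7 content. The distro is recorded as 9.6 and the fixed release carries an el9_7 tag, so the update presumably needs a newer base image; this is worth confirming. The next hunk repeats the same finding for `openssl-libs`.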
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
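Review bot: The new `"versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)"` matches the installed `openssl` `1:3.2.2-6.el9_5.1` for CVE-2025-15469, yet the NVD description recorded in the preceding hunk names only OpenSSL 3.5 and 3.6 as vulnerable and does not mention 3.2. The match therefore appears to come from the distro fix version rather than from confirmed presence of the affected `openssl dgst` code path, which is worth checking against RHSA-2026:1473 before this entry is triaged. The record also now carries `"state": "fixed"` and `"suggestedVersion": "1:3.5.1-7.el9_7"`, so the report documents a finding that a package or base-image update would clear; the `openssl-libs` entries and CVE-2025-69418 in the later hunks have the same fix version. As this file is scanner output, the follow-up belongs in the image build rather than in this JSON.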
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index 1f043c2..1cee8a7 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index 456f7f8..921b896 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
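Review bot: According to this refreshed report, the scanned image still carries `openssl` `1:3.5.1-4.el9_7` although CVE-2025-15467 is recorded with `"state": "fixed"` and a suggested version of `1:3.5.1-7.el9_7` (RHSA-2026:1473). It is the one finding in these hunks that a package update can close, and the commit should either rebuild the agent image on the patched package or state why that is deferred. The Red Hat entry rates it High and the related NVD entry Critical (base score 9.8), yet its computed `"risk": 0.33475499999999997` is lower than the `0.974625` of the Low-severity, not-fixed CVE-2024-9681 entries, so a consumer that sorts or gates on `risk` alone will rank it below them. A CI gate keyed on `fix.state` being `fixed` together with severity would surface it regardless of EPSS. The same finding repeats for `openssl-libs` in the following hunk, which runs past the visible part of the diff.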
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,111 +3977,235 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +4213,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,108 +4244,129 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + 
"https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +4374,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,29 +4405,40 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", 
@@ -3900,10 +4454,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3911,26 +4473,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { 
@@ -3943,17 +4502,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +4528,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +4556,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,20 +4573,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4038,10 +4594,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4049,22 +4613,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4081,17 +4644,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +4670,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -4130,22 +4701,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,39 +4715,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4195,23 +4755,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,18 +4784,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4250,21 +4810,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4278,13 +4838,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +4855,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,23 +4895,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,18 +4924,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4390,21 +4950,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,23 +4978,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", 
@@ -4446,12 +5006,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4467,47 +5122,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4515,17 +5187,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4533,7 +5205,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +5213,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4569,44 +5244,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4622,47 +5282,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +5347,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +5373,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,100 +5404,113 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4825,17 +5518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4851,21 +5544,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4879,85 +5575,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4965,17 +5678,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4991,22 +5704,25 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", - "type": "rpm", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", 
@@ -5019,67 +5735,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5087,25 +5803,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5116,25 +5834,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +5860,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5170,29 +5888,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5202,39 +5905,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5242,28 +5937,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5271,18 +5969,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5297,21 +5987,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5325,27 +6015,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5357,39 +6043,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5397,54 +6075,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5452,21 +6125,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5483,11 +6156,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5497,37 +6181,37 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -5537,45 +6221,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } @@ -5592,21 +6276,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -5620,13 +6304,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5637,39 +6321,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5677,22 +6361,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5709,25 +6390,25 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5735,21 +6416,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5763,25 +6444,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5791,39 +6461,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5831,22 +6501,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5863,18 +6530,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5889,21 +6556,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5917,23 +6584,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5945,105 +6612,86 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": 
"2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6051,7 +6699,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6059,24 +6707,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6090,14 +6735,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6107,38 +6767,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -6147,60 +6807,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6208,7 +6854,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6216,21 +6862,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6244,14 +6890,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6261,108 +6922,101 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 
0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6372,7 +7026,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6380,21 +7034,24 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6408,14 +7065,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6425,134 +7093,4368 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013649999999999999 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.8" + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. 
Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in 
the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { 
+ "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + 
"upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": 
"openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": 
"openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": 
"", - "licenses": [], + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. 
Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the 
memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + 
"vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6560,28 +11462,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6589,18 +11507,24 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -6615,21 +11539,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6643,13 +11567,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6660,139 +11584,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6800,24 +11680,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6831,14 +11708,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6848,37 +11730,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6888,45 +11770,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6935,7 +11818,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6943,21 +11826,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6974,11 +11857,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6988,20 +11876,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7009,23 +11897,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7034,53 +11916,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7088,7 +11964,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7096,21 +11972,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7124,14 +12000,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7141,107 +12022,158 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.8" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -7257,44 +12189,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -7311,23 +12255,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7343,21 +12281,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7371,117 +12312,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7489,7 +12434,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7497,21 +12442,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7525,53 +12473,64 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7582,44 +12541,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7629,7 +12602,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7637,21 +12610,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7665,19 +12638,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7687,38 +12655,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7727,46 +12695,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7774,7 +12755,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7782,21 +12763,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7810,19 +12791,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7832,39 +12808,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7872,47 +12854,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7927,21 +12929,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7955,17 +12957,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7977,20 +12985,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7998,65 +13006,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8064,7 +13096,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8072,21 +13104,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8103,16 +13135,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8122,87 +13149,114 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8218,21 +13272,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8246,104 +13303,131 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8359,21 +13443,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8387,66 +13474,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8455,47 +13542,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8503,7 +13603,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8511,21 +13611,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -8539,29 +13639,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8571,87 +13656,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8659,7 +13761,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8667,21 +13769,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8695,52 +13800,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -8748,93 +13838,83 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00874 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-68160", "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8842,7 +13922,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8850,21 +13930,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8878,37 +13961,48 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions 
and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8916,17 +14010,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8935,51 +14029,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": 
"CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8995,21 +14097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -9023,56 +14125,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9080,59 +14182,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9140,21 +14237,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9168,66 +14265,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in GnuPG. 
A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9236,52 +14322,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9289,7 +14369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9297,21 +14377,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9328,22 +14408,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9353,39 +14422,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -9393,61 +14462,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9462,21 +14517,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9490,13 +14545,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9507,20 +14562,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9528,18 +14583,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9547,41 +14602,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9589,18 +14635,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9615,21 +14661,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9643,13 +14689,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9660,43 +14706,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -9706,65 +14746,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -9781,21 +14802,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -9809,23 +14830,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", 
@@ -9837,118 +14858,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9956,21 +14954,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9984,14 +14982,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10001,38 +15010,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10041,60 +15050,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10110,21 +15118,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10138,13 +15146,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10155,99 +15163,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10263,21 +15273,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10291,89 +15304,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10388,21 +15431,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10416,48 +15462,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10465,58 +15511,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10524,21 +15603,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10552,127 +15634,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10680,7 +15756,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10688,21 +15764,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10716,46 +15795,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10769,37 +15859,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10816,21 +15902,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10844,13 +15930,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11077,7 +16163,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11189,6 +16275,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11249,92 +16338,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index 0968ad7..655deae 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md 
@@ -5,51 +5,68 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | 
[CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | 
[CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -57,24 +74,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
+| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
+| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low |
-| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
-| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low |
+| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low |
 | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low |
-| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
-| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low |
 | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
 | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low |
+| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low |
+| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low |
 | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
 | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown |
diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json
index 2f71d82..5e4f63c 100644
--- a/docs/security/agent/grype-25.10.9.json
+++ b/docs/security/agent/grype-25.10.9.json
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,111 +3977,235 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +4213,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,108 +4244,129 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + 
"https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +4374,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,29 +4405,40 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", 
@@ -3900,10 +4454,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3911,26 +4473,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { 
@@ -3943,17 +4502,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +4528,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +4556,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,20 +4573,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4038,10 +4594,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4049,22 +4613,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4081,17 +4644,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +4670,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4130,22 +4701,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,39 +4715,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4195,23 +4755,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,18 +4784,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4250,21 +4810,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4278,13 +4838,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +4855,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,23 +4895,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,18 +4924,18 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -4390,21 +4950,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,23 +4978,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "pcre2", + "version": "10.40-6.el9" } ], "metadataType": "RpmMetadata", 
@@ -4446,12 +5006,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4467,47 +5122,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4515,17 +5187,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4533,7 +5205,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +5213,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4569,44 +5244,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4622,47 +5282,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +5347,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +5373,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,100 +5404,113 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4825,17 +5518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4851,21 +5544,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4879,85 +5575,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + 
"https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + 
"exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4965,17 +5678,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4991,22 +5704,25 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", - "type": "rpm", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", 
@@ -5019,67 +5735,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5087,25 +5803,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5116,25 +5834,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +5860,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5170,29 +5888,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5202,39 +5905,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5242,28 +5937,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5271,18 +5969,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5297,21 +5987,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5325,27 +6015,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", 
@@ -5357,20 +6043,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5378,75 +6064,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5454,18 +6107,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5480,24 +6125,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "120d5875527c431e", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { 
@@ -5511,23 +6153,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", 
@@ -5539,37 +6181,37 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -5579,45 +6221,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Primary" } @@ -5634,21 +6276,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -5662,13 +6304,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5679,39 +6321,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5719,47 +6361,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5774,21 +6416,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5802,13 +6444,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5819,39 +6461,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5859,22 +6501,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5891,18 +6530,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5917,21 +6556,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5945,23 +6584,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5973,39 +6612,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6013,22 +6652,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6045,18 +6681,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6071,21 +6707,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6099,23 +6735,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - 
"version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6127,20 +6767,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -6148,73 +6788,47 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6222,17 +6836,17 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6240,7 +6854,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6248,24 +6862,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6279,14 +6890,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6296,113 +6922,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6410,24 +7034,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6441,14 +7065,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6458,108 +7093,111 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014399999999999998 + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6567,21 +7205,4199 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" - } + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability 
was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.02134 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + 
"https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "120d5875527c431e", + "name": "systemd-libs", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + 
"https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or 
getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], 
+ "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 
2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": 
"glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued 
network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": 
[], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in 
the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { 
+ "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + 
"upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": 
"openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": 
"openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6595,14 +11411,29 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6612,45 +11443,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -6658,72 +11483,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6731,21 +11539,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6759,14 +11567,29 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6776,23 +11599,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -6800,110 +11620,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.9" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6911,54 +11807,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6966,21 +11863,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6997,11 +11894,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7011,139 +11913,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7151,24 +12009,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7182,14 +12037,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7199,37 +12059,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7239,45 +12099,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7286,7 +12147,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7294,21 +12155,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7325,11 +12186,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7339,20 +12205,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7360,23 +12226,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7385,53 +12245,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7439,7 +12293,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7447,21 +12301,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7475,14 +12329,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7492,107 +12351,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.9" - } + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -7608,44 +12533,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -7662,23 +12599,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7686,7 +12617,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7694,21 +12625,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7722,29 +12656,40 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -7760,16 +12705,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7779,31 +12724,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -7822,16 +12767,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7854,7 +12799,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -7893,38 +12838,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7933,46 +12878,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7980,7 +12938,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7988,21 +12946,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8016,19 +12974,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8038,39 +12991,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8078,47 +13037,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8133,21 +13112,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -8161,17 +13140,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -8183,20 +13168,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8204,65 +13189,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8270,7 +13279,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8278,21 +13287,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8306,19 +13315,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8328,86 +13332,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8415,7 +13447,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8423,21 +13455,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8451,109 +13486,131 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8561,7 +13618,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8569,21 +13626,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8597,55 +13657,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8654,47 +13725,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8702,7 +13786,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8710,21 +13794,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8738,25 +13822,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8766,87 +13839,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8854,7 +13944,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8862,21 +13952,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8890,119 +13983,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", 
"severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + 
], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9018,21 +14113,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -9046,76 +14144,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9124,44 +14212,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9169,23 +14254,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9201,21 +14280,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9229,13 +14308,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9246,39 +14325,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9286,52 +14365,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -9346,21 +14420,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9374,37 +14448,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9412,17 +14486,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9431,51 +14505,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9483,7 +14552,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9491,21 +14560,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9519,120 +14588,129 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -9640,7 +14718,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9648,21 +14726,24 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9676,25 +14757,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9704,39 +14774,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -9744,61 +14814,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -9813,21 +14869,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9841,13 +14897,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9858,20 +14914,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9879,18 +14935,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9898,41 +14954,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9940,18 +14987,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9966,21 +15013,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9994,13 +15041,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10011,43 +15058,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10057,65 +15098,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10132,21 +15154,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -10160,23 +15182,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", 
@@ -10188,118 +15210,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10307,21 +15306,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10335,14 +15334,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10352,38 +15362,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10392,60 +15402,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10461,21 +15470,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10489,13 +15498,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10506,99 +15515,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10614,21 +15625,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10642,89 +15656,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10739,21 +15783,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10767,48 +15814,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10816,58 +15863,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10875,21 +15955,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10903,127 +15986,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11031,7 +16108,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11039,21 +16116,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -11067,46 +16147,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11120,37 +16211,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11167,21 +16254,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11195,13 +16282,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11428,7 +16515,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11540,6 +16627,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11600,92 +16690,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index 7242716..040454e 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md 
@@ -5,53 +5,70 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs 
| 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | 
[CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | 
Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | 
[CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -59,24 +76,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
+| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
+| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low |
-| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
-| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
 | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low |
+| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low |
 | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low |
-| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
-| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low |
 | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low |
+| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low |
+| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low |
 | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
+| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
 | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown |
diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json
index 109ffcb..582c4df 100644
--- a/docs/security/agent/grype-25.11.1.json
+++ b/docs/security/agent/grype-25.11.1.json
@@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [
@@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index e48dec3..dc7b420 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index 50a34d1..12a0feb 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89507, - "date": "2026-01-26" + "percentile": 0.89581, + "date": "2026-02-02" } ], "cwes": [ 
@@ -166,88 +166,80 @@ }, { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -255,10 +247,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -266,37 +258,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -304,21 +284,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -332,14 +312,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -349,31 +340,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -381,44 +380,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -439,14 +464,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ 
@@ -464,16 +489,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", 
@@ -489,83 +514,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -573,21 +652,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -601,25 +680,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -651,9 +719,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -669,7 +737,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -717,9 +785,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -820,9 +888,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -838,7 +906,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -886,9 +954,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -990,8 +1058,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -1046,8 +1114,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1115,86 +1183,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1210,21 +1297,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -1238,127 +1328,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1379,7 +1608,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1429,39 +1658,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1469,70 +1690,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1553,7 +1748,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1626,8 +1821,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1675,8 +1870,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1767,8 +1962,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1816,8 +2011,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1896,39 +2091,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1936,47 +2131,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1991,21 +2186,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -2019,13 +2214,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -2036,45 +2231,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -2082,66 +2271,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2162,7 +2333,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2201,44 +2372,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2247,73 +2412,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2335,7 +2473,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2374,20 +2512,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2395,77 +2533,89 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2474,7 +2624,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2482,21 +2632,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2510,19 +2660,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2532,37 +2677,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2572,58 +2723,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2632,7 +2797,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2640,21 +2805,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -2668,19 +2833,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2690,50 +2850,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2742,34 +2890,186 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { 
+ "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -2809,8 +3109,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2913,8 +3213,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2972,8 +3272,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3064,8 +3364,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -3123,8 +3423,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3203,69 +3503,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3273,17 +3590,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3299,21 +3616,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3327,132 +3647,121 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.34.1-9.el9_7" + "1:3.5.1-7.el9_7" ], "state": "fixed", "available": [ { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03572 + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - 
"http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. 
The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00047, - "percentile": 0.1425, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3468,24 +3777,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3499,48 +3808,48 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": 
[], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3548,47 +3857,65 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3596,17 +3923,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3622,21 +3949,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3650,29 +3980,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3688,49 +4018,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3738,25 +4084,25 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3764,21 +4110,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3792,104 +4141,228 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.032785 + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + 
"artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other 
unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3904,21 +4377,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -3932,104 +4408,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. 
Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + 
"https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4044,21 +4538,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4072,48 +4569,48 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was 
found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4121,10 +4618,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4132,30 +4637,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4163,10 +4666,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } 
@@ -4181,21 +4692,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4209,13 +4720,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4226,20 +4737,20 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4247,10 +4758,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4258,22 +4777,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4290,17 +4808,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4308,21 +4834,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -4339,22 +4865,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4364,31 +4879,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4396,31 +4919,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4428,17 +4948,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4446,21 +4974,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { 
@@ -4474,25 +5002,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4502,39 +5019,39 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4542,23 +5059,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4571,25 +5088,25 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4597,21 +5114,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4625,14 +5142,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4642,12 +5170,107 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": 
"primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4663,47 +5286,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4711,17 +5351,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4729,7 +5369,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4737,21 +5377,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4765,40 +5408,29 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", 
@@ -4814,47 +5446,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. 
Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4862,17 +5511,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4888,21 +5537,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -4916,44 +5568,40 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", 
@@ -4969,47 +5617,64 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Issue 
summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5017,17 +5682,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -5035,7 +5700,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5043,21 +5708,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5071,100 +5739,102 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-15468", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ 
+ "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.021115000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. 
If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5172,17 +5842,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5190,7 +5860,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5198,21 +5868,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -5226,56 +5899,67 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. 
When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -5283,25 +5967,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -5312,25 +5998,25 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5338,21 +6024,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { 
@@ -5366,25 +6052,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5394,39 +6069,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5434,28 +6101,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5463,18 +6133,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5489,21 +6151,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5517,27 +6179,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5549,39 +6207,31 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ], "fix": { 
@@ -5589,28 +6239,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5618,18 +6271,10 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" } ] } @@ -5644,21 +6289,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5672,27 +6317,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "MIT" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", 
@@ -5704,122 +6345,94 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.0234 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - 
"http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", + "cve": "CVE-2026-1489", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5827,24 +6440,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -5858,25 +6468,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5886,39 +6485,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5926,47 +6525,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": 
"CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5981,21 +6580,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6009,13 +6608,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6026,39 +6625,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6066,54 +6665,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6121,21 +6720,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6149,14 +6748,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6166,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6206,22 +6816,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6238,18 +6845,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6264,21 +6871,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6292,23 +6899,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": 
"curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6320,39 +6931,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6360,22 +6971,19 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6392,18 +7000,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6418,21 +7026,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { 
@@ -6446,23 +7054,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": 
"pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", 
@@ -6474,94 +7086,85 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.9.13-14.el9_7" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.01736 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + 
"id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6569,25 +7172,25 @@ ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08377, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6595,24 +7198,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6629,11 +7232,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6643,113 +7257,111 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:2.68.4-18.el9_7.1" + "0:7.76.1-35.el9_7.3" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" } ], - "risk": 0.015875 + "risk": 0.022144999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", 
+ "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6757,25 +7369,25 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "suggestedVersion": "0:7.76.1-35.el9_7.3" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", - "type": "rpm", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", @@ -6788,14 +7400,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6805,96 +7428,97 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.01537 + "risk": 0.02134 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": 
"nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS 
messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6902,23 +7526,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6926,7 +7544,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6934,24 +7552,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { 
@@ -6965,138 +7583,128 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. 
The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - 
"versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may 
trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": 
"CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7111,24 +7719,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { 
@@ -7142,67 +7747,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7210,68 +7809,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7279,21 +7877,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7307,14 +7905,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7324,45 +7927,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -7370,65 +7967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - 
"cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -7443,21 +8022,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7471,13 +8050,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -7488,23 +8067,4264 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the 
library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": 
[ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a 
zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": 
"Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + 
"description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.019759999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. 
We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00026, + "percentile": 0.06516, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + 
"cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. 
If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + 
"https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.017085 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": 
"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01643 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + 
"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the 
PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + 
"id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 
files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": 
"sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is 
intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + 
"cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014069999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. 
An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01092 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + 
"description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + 
"OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + 
"name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds 
read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + 
"name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + 
"vulnerability": { + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0094 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. 
The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "coreutils", + "version": "8.32-39.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + 
"cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + 
"modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have 
control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "0:2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": 
"/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + 
"cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glibc", + "version": "2.34-168.el9_6.23" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": 
"", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -7512,110 +12332,186 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.00874 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + 
"cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": 
"pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -7623,54 +12519,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7678,21 +12575,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7709,11 +12606,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7723,139 +12625,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7863,24 +12721,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7894,14 +12749,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7911,37 +12771,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7951,45 +12811,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7998,7 +12859,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8006,21 +12867,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8037,11 +12898,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8051,20 +12917,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8072,23 +12938,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8097,53 +12957,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8151,7 +13005,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8159,21 +13013,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -8187,14 +13041,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8204,107 +13063,173 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + 
] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" - } + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "ASL 2.0" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in OpenSSL. 
This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", 
@@ -8320,44 +13245,56 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file 
tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -8374,23 +13311,17 @@ ], "epss": [ { - "cve": "CVE-2025-60753", + "cve": "CVE-2026-22795", "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8398,7 +13329,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8406,21 +13337,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -8434,29 +13368,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. 
An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", @@ -8472,16 +13417,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -8491,31 +13436,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 6.6, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -8534,16 +13479,16 @@ ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8566,7 +13511,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } 
@@ -8605,38 +13550,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8645,46 +13590,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8692,7 +13650,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8700,21 +13658,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8728,19 +13686,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8750,39 +13703,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8790,47 +13749,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8845,21 +13824,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { 
@@ -8873,17 +13852,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", 
@@ -8895,20 +13880,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8916,65 +13901,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8982,7 +13991,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8990,21 +13999,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9018,19 +14027,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9040,86 +14044,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9127,7 +14159,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9135,21 +14167,24 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9163,109 +14198,131 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. 
The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9273,7 +14330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9281,21 +14338,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9309,55 +14369,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9366,47 +14437,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9414,7 +14498,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9422,21 +14506,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,25 +14534,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9478,87 +14551,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9566,7 +14656,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9574,21 +14664,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9602,119 +14695,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": 
"redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. 
An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9730,21 +14825,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -9758,76 +14856,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9836,44 +14924,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9881,23 +14966,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9913,21 +14992,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { 
@@ -9941,13 +15020,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9958,39 +15037,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9998,52 +15077,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -10058,21 +15132,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10086,37 +15160,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10124,17 +15198,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10143,51 +15217,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10195,7 +15264,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10203,21 +15272,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10231,120 +15300,129 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libxstl/libxml2. 
The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ - { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.0044800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - 
"http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. 
These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-9714", + "epss": 0.00008, + "percentile": 0.0063, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -10352,7 +15430,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10360,21 +15438,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10388,25 +15469,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10416,39 +15486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { 
@@ -10456,61 +15526,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2026-1485", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -10525,21 +15581,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10553,13 +15609,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10570,20 +15626,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10591,18 +15647,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10610,41 +15666,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10652,18 +15699,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10678,21 +15725,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { 
@@ -10706,13 +15753,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10723,43 +15770,37 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -10769,65 +15810,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 4.7, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" } @@ -10844,21 +15866,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { 
@@ -10872,23 +15894,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", 
@@ -10900,118 +15922,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -11019,21 +16018,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -11047,14 +16046,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -11064,38 +16074,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -11104,60 +16114,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11173,21 +16182,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -11201,13 +16210,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11218,99 +16227,101 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.005225000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + 
"https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11326,21 +16337,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11354,89 +16368,119 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11451,21 +16495,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11479,48 +16526,48 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", 
+ "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11528,58 +16575,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11587,21 +16667,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11615,127 +16698,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11743,7 +16820,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11751,21 +16828,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { 
@@ -11779,46 +16859,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11832,37 +16923,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11879,21 +16966,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11907,13 +16994,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12140,7 +17227,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12252,6 +17339,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12312,92 +17402,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 84abde0..69e1e0f 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md 
@@ -5,57 +5,74 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| 
libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| 
fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | shadow-utils | 2:4.9-12.el9 | 
[CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-16.el9_6.2 | 
[CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | 
[CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | 
@@ -63,24 +80,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
 | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low |
+| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
+| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low |
-| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
-| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
 | glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low |
+| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low |
 | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low |
+| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 |
[CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low |
 | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low |
-| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
-| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low |
 | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low |
 | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low |
 | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 |
[CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low |
 | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low |
+| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low |
+| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low |
 | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low |
+| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
+| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low |
 | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown |
diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json
index b81ab23..b180a9e 100644
--- a/docs/security/agent/grype-25.12.1.json
+++ b/docs/security/agent/grype-25.12.1.json
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
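Review bot: The new CVE-2025-15467 entry in this hunk records `"state": "fixed"` with `"suggestedVersion": "1:3.5.1-7.el9_7"` and advisory RHSA-2026:1473, while the matched artifact is still `openssl` at `1:3.5.1-4.el9_7`, so the report now documents a finding that a package update would close rather than one with no fix available. The same entry is repeated for `openssl-libs` in the following hunk (`@@ -1074,127 +1164,266 @@`). Its `risk` of 0.33475499999999997 sits below the 0.40504 recorded for CVE-2024-7264 elsewhere in this diff, even though the NVD record here rates it Critical with base score 9.8, so triage ordered by `risk` alone would under-rank it. I would rebuild the image with openssl and openssl-libs at the suggested version or later and regenerate this report, rather than committing the finding as it stands.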
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,37 +3977,4484 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": 
"sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + 
"cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + 
"cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034499999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... 
because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + 
"namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + 
"exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. 
This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB 
and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. 
This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the 
peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": 
"redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. 
A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": 
"1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call 
SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. 
Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024475000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", 
+ "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": 
"ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + 
"baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": 
"6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0234 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + 
"description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": 
"3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": 
"rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. 
When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + 
"type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + 
"purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + 
"versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + 
], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. 
curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. 
This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.02134 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + 
"https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "0:252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "e8cfdbaead821b00", + "name": "systemd", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.02134 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + 
"https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "c4152df82a1db41b", + "name": "systemd-libs", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.02134 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + 
"https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "ead60bdbac583ffe", + "name": "systemd-pam", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", 
+ "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.02134 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + 
"https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00044, + "percentile": 0.13422, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "7126adbff2843171", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -3623,17 +8462,172 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + 
"versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + 
"dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -3642,46 +8636,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.0207 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3689,7 +8683,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3697,21 +8691,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,25 +8719,154 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -3753,31 +8876,39 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -3785,41 +8916,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024475000000000007 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3834,21 +8971,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,13 +8999,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -3879,81 +9016,125 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 }, 
"relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + "https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A heap-based buffer overflow problem was found in 
glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +9142,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -3989,25 +9173,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,31 +9190,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", + "cve": "CVE-2026-0988", "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -4049,49 +9230,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.017085 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. 
This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", + "cve": "CVE-2026-0988", "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +9285,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4127,25 +9313,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,20 +9330,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4176,42 +9351,60 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls 
to wordfree may abort the process.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4224,17 +9417,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4250,21 +9443,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4278,37 +9474,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4316,42 +9512,60 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls 
to wordfree may abort the process.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -4364,17 +9578,17 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4390,21 +9604,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4418,122 +9635,167 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-68973", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02314 + "advisories": [ + { + "id": "RHSA-2026:0719", + 
"link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. 
(For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -4541,21 +9803,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -4569,29 +9834,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4601,38 +9851,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4641,46 +9891,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4696,21 +9960,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -4724,13 +9988,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4741,20 +10005,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -4762,17 +10026,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4781,46 +10045,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.014069999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. 
The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4828,7 +10092,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4836,21 +10100,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4864,25 +10128,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4892,39 +10145,45 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4932,54 +10191,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4987,21 +10264,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { 
@@ -5015,29 +10292,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5047,114 +10309,99 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. 
This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - 
"https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] 
@@ -5170,24 +10417,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "0:252-55.el9_7.2" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e8cfdbaead821b00", - "name": "systemd", - "version": "252-55.el9_7.2", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -5201,13 +10445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5218,96 +10462,73 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability was found in systemd-coredump. 
This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5315,17 +10536,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5333,7 +10554,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -5341,24 +10562,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4152df82a1db41b", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -5372,124 +10590,90 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. 
This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.009455 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. 
This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5497,17 +10681,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5523,24 +10707,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ead60bdbac583ffe", - "name": "systemd-pam", - "version": "252-55.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -5554,48 +10735,48 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A 
vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -5603,75 +10784,53 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - 
"https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. 
This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5679,17 +10838,23 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12252, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5697,7 +10862,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5705,24 +10870,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7126adbff2843171", - "name": "systemd-rpm-macros", - "version": "252-55.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5736,29 +10898,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5768,39 +10915,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5808,54 +10955,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0094 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5863,21 +11016,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { 
@@ -5891,14 +11044,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5908,39 +11072,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5948,47 +11112,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6003,21 +11181,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -6031,13 +11209,13 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6048,39 +11226,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6088,57 +11266,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6146,21 +11322,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6174,25 +11350,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6202,39 +11367,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -6242,50 +11407,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6300,21 +11463,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6328,23 +11491,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -6356,105 +11519,87 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + 
"https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -6462,7 +11607,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6470,24 +11615,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -6501,14 +11643,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6518,38 +11675,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -6558,60 +11721,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -6627,21 +11798,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6655,13 +11826,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -6672,17 +11843,17 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { "baseScore": 6.1, "exploitabilityScore": 1.9, @@ -6693,24 +11864,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -6718,72 +11883,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + 
"cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6791,21 +11939,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6819,14 +11967,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6836,134 +11989,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6971,54 +12029,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7026,21 +12085,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7057,11 +12116,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7071,139 +12135,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7211,24 +12231,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7242,14 +12259,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7259,37 +12281,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -7299,45 +12321,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7346,7 +12369,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7354,21 +12377,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7385,11 +12408,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7399,20 +12427,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7420,23 +12448,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7445,53 +12467,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7499,7 +12515,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7507,21 +12523,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7535,14 +12551,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7552,139 +12573,185 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "name": "util-linux", + "version": "0:2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. 
When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -7693,52 +12760,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7746,7 +12808,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7754,21 +12816,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7782,14 +12844,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7799,100 +12876,104 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -7908,21 +12989,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7936,103 +13020,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + 
"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8048,21 +13150,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8076,58 +13181,64 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -8138,44 +13249,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -8185,7 +13310,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8193,21 +13318,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -8221,19 +13346,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8243,38 +13363,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -8283,46 +13403,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8330,7 +13463,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8338,21 +13471,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8366,19 +13499,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8388,39 +13516,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -8428,47 +13562,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8483,21 +13637,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -8511,17 +13665,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -8533,20 +13693,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -8554,65 +13714,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8620,7 +13804,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -8628,21 +13812,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8659,16 +13843,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -8678,86 +13857,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8773,21 +13980,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8801,109 +14011,131 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. 
This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8919,21 +14151,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8947,70 +14182,66 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - 
"epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9019,47 +14250,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] 
@@ -9075,21 +14319,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9103,13 +14347,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9120,87 +14364,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9208,7 +14469,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9216,21 +14477,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -9244,115 +14508,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - 
"dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9368,21 +14638,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -9396,76 +14669,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -9474,44 +14737,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9519,23 +14779,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9551,21 +14805,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -9579,13 +14833,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9596,39 +14850,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9636,52 +14890,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -9696,21 +14945,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9724,37 +14973,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9762,17 +15011,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9781,51 +15030,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9833,7 +15077,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9841,21 +15085,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9869,66 +15113,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libexpat. 
This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9937,52 +15170,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9990,7 +15229,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9998,21 +15237,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { 
@@ -10020,31 +15259,20 @@ "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10054,39 +15282,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -10094,61 +15322,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -10163,21 +15388,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -10191,13 +15416,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10208,20 +15433,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10229,18 +15454,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -10248,41 +15473,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10290,18 +15502,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10316,21 +15528,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -10344,13 +15556,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10361,44 +15573,38 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], 
@@ -10407,66 +15613,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -10474,7 +15664,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10482,21 +15672,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -10510,25 +15700,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10538,118 +15717,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10657,21 +15813,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10685,14 +15841,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10702,39 +15869,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -10742,68 +15909,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10811,21 +15965,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10839,14 +15993,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10856,38 +16021,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10896,59 +16061,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005225000000000001 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10964,21 +16129,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10992,13 +16157,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -11009,98 +16174,101 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] 
}, - "advisories": [], - "risk": 0.004129999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. 
Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -11116,21 +16284,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -11144,89 +16315,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11241,21 +16442,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -11269,48 +16473,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -11318,58 +16522,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11377,21 +16614,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -11405,127 +16645,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11533,7 +16767,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11541,21 +16775,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -11569,46 +16806,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -11622,37 +16870,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -11669,21 +16913,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11697,13 +16941,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11931,7 +17175,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -12043,6 +17287,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -12103,92 +17350,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index 7ac4973..7afe5cf 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md 
@@ -5,24 +5,33 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| 
glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-pam | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.12.1 | 
[CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | 
@@ -30,56 +39,79 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | 
[CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 
3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | 
Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index 56d6e77..67dcf77 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
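Review bot: CVE-2025-15467 is recorded in this hunk with a fix already published but not applied: the `openssl` artifact is still `"version": "1:3.5.1-4.el9_7"`, while the entry carries `"state": "fixed"` and `"suggestedVersion": "1:3.5.1-7.el9_7"` (RHSA-2026:1473). The commit only regenerates the scan output, so the image should be rebuilt against the patched package and rescanned until this entry disappears; the same finding repeats for `openssl-libs` in the next hunk. It is the only entry in the visible hunks whose fix block names a released version, and NVD rates it Critical (9.8). Its `"risk": 0.33475499999999997` ranks it below Low-severity items, presumably because the score is weighted by the low EPSS value, so triage from this file should not follow the risk ordering alone. If the update is deferred because the agent never parses untrusted CMS or PKCS#7 content, that justification belongs in the documentation next to this report.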
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,37 +3977,4508 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": 
"sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + 
"cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + 
"cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034499999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... 
because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + 
"namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + 
"exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. 
This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB 
and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. 
This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the 
peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": 
"redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. 
A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": 
"1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call 
SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. 
Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024475000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", 
+ "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": 
"ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + 
"baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": 
"6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0234 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + 
"description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": 
"3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": 
"rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. 
When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + 
"type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + 
"purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + 
"versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + 
], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. 
curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": 
[], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3623,17 +8486,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -3642,19 +8505,177 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.017085 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative 
input.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "nvd@nist.gov", @@ -3671,25 +8692,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +8718,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,48 +8749,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3774,36 +8787,60 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3816,17 +8853,25 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +8879,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,98 +8910,167 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. 
(For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +9078,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -3989,25 +9109,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,31 +9126,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4049,49 +9166,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +9235,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -4127,25 +9263,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,38 +9280,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4195,46 +9320,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.014069999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. 
The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4250,21 +9375,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4278,13 +9403,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +9420,45 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,54 +9466,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - 
"cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4390,21 +9539,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,25 +9567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4446,38 +9584,44 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], 
@@ -4486,46 +9630,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. 
This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -4533,7 +9684,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4541,21 +9692,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -4569,29 +9720,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4601,20 +9737,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,17 +9758,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4641,28 +9777,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +9811,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +9837,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,37 +9865,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -4762,17 +9903,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4781,28 +9922,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4810,17 +9956,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4836,21 +9982,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4864,66 +10010,72 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -4932,28 +10084,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4961,17 +10113,23 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4979,7 +10137,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4987,21 +10145,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5015,29 +10173,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5047,39 +10190,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5087,54 +10230,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0094 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +10291,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { 
@@ -5170,14 +10319,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5187,39 +10347,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5227,47 +10387,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5282,21 +10456,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5310,13 +10484,13 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5327,39 +10501,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5367,57 +10541,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5425,21 +10597,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5453,25 +10625,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5481,39 +10642,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5521,50 +10682,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5579,21 +10738,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5607,23 +10766,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5635,105 +10794,87 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + 
"https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5741,7 +10882,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5749,24 +10890,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5780,14 +10918,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5797,38 +10950,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -5837,60 +10996,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -5906,21 +11073,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +11101,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5951,17 +11118,17 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { "baseScore": 6.1, "exploitabilityScore": 1.9, @@ -5972,24 +11139,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -5997,72 +11158,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + 
"cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6070,21 +11214,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6098,14 +11242,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6115,134 +11264,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6250,54 +11304,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6305,21 +11360,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6336,11 +11391,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6350,139 +11410,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6490,24 +11506,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6521,14 +11534,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6538,37 +11556,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6578,45 +11596,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6625,7 +11644,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6633,21 +11652,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6664,11 +11683,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6678,20 +11702,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -6699,23 +11723,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6724,53 +11742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6778,7 +11790,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6786,21 +11798,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6814,14 +11826,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6831,139 +11848,185 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "name": "util-linux", + "version": "0:2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. 
When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6972,52 +12035,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7025,7 +12083,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7033,21 +12091,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7061,14 +12119,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7078,100 +12151,104 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -7187,21 +12264,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7215,103 +12295,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + 
"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7327,21 +12425,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7355,58 +12456,64 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7417,44 +12524,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7464,7 +12585,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7472,21 +12593,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7500,19 +12621,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7522,38 +12638,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7562,46 +12678,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7609,7 +12738,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7617,21 +12746,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7645,19 +12774,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7667,39 +12791,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7707,47 +12837,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7762,21 +12912,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7790,17 +12940,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7812,20 +12968,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7833,65 +12989,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7899,7 +13079,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7907,21 +13087,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7938,16 +13118,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7957,86 +13132,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8052,21 +13255,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8080,109 +13286,131 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. 
This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8198,21 +13426,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8226,70 +13457,66 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - 
"epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8298,47 +13525,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] 
@@ -8354,21 +13594,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8382,13 +13622,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8399,87 +13639,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8487,7 +13744,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8495,21 +13752,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8523,115 +13783,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - 
"dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8647,21 +13913,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8675,76 +13944,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8753,44 +14012,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8798,23 +14054,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8830,21 +14080,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -8858,13 +14108,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8875,39 +14125,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -8915,52 +14165,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -8975,21 +14220,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9003,37 +14248,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9041,17 +14286,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9060,51 +14305,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9112,7 +14352,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9120,21 +14360,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9148,66 +14388,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libexpat. 
This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9216,52 +14445,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9269,7 +14504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9277,21 +14512,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { 
@@ -9299,31 +14534,20 @@ "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9333,39 +14557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9373,61 +14597,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9442,21 +14663,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9470,13 +14691,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9487,20 +14708,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9508,18 +14729,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9527,41 +14748,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9569,18 +14777,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9595,21 +14803,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9623,13 +14831,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9640,44 +14848,38 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], 
@@ -9686,66 +14888,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -9753,7 +14939,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9761,21 +14947,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9789,25 +14975,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9817,118 +14992,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9936,21 +15088,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9964,14 +15116,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9981,39 +15144,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -10021,68 +15184,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10090,21 +15240,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10118,14 +15268,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10135,38 +15296,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10175,59 +15336,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005225000000000001 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10243,21 +15404,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10271,13 +15432,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10288,98 +15449,101 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] 
}, - "advisories": [], - "risk": 0.004129999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. 
Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10395,21 +15559,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10423,89 +15590,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10520,21 +15717,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10548,48 +15748,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10597,58 +15797,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10656,21 +15889,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10684,127 +15920,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10812,7 +16042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10820,21 +16050,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10848,46 +16081,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10901,37 +16145,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10948,21 +16188,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10976,13 +16216,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11210,7 +16450,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11322,6 +16562,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11382,92 +16625,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 90b02a1..795ff70 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md 
@@ -5,20 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | 
@@ -26,56 +35,79 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | 
[CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 
3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | 
Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index 0b71fdd..9425951 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
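Review bot: The new CVE-2025-15467 match is the one entry in this refresh that has a vendor fix. The hunk at `@@ -951,86 +1019,105 @@` records `"state": "fixed"` with `"versions": ["1:3.5.1-7.el9_7"]` and advisory RHSA-2026:1473, while the following hunk still shows the scanned artifact as openssl `1:3.5.1-4.el9_7` with `"suggestedVersion": "1:3.5.1-7.el9_7"`. Red Hat rates it High and the related NVD record Critical (base score 9.8), for a stack buffer overflow reached while parsing untrusted CMS AuthEnvelopedData before any authentication. Because the report appears to be ordered by the EPSS-weighted `risk` value, this entry (`0.33475499999999997`) sits below the Low curl findings (`0.974625`) and is easy to overlook. The file is generated, so no line in it should be edited by hand; the follow-up would be to rebuild the 25.12.3 image against the updated openssl packages and regenerate the report, or to state in the commit description why the finding is accepted.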
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,37 +3977,4508 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": 
"sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + 
"cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + 
"cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034499999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... 
because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + 
"namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + 
"exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. 
This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB 
and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. 
This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the 
peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": 
"redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. 
A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": 
"1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call 
SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. 
Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024475000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", 
+ "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": 
"ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + 
"baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": 
"6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0234 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + 
"description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": 
"3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": 
"rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. 
When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + 
"type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + 
"purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + 
"versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + 
], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. 
curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": 
[], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3623,17 +8486,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -3642,19 +8505,177 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.017085 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative 
input.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "nvd@nist.gov", @@ -3671,25 +8692,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +8718,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,48 +8749,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3774,36 +8787,60 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3816,17 +8853,25 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +8879,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,98 +8910,167 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. 
(For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +9078,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -3989,25 +9109,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,31 +9126,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4049,49 +9166,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +9235,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -4127,25 +9263,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,38 +9280,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4195,46 +9320,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.014069999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. 
The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4250,21 +9375,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4278,13 +9403,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +9420,45 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,54 +9466,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - 
"cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4390,21 +9539,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,25 +9567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4446,38 +9584,44 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], 
@@ -4486,46 +9630,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. 
This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -4533,7 +9684,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4541,21 +9692,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -4569,29 +9720,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4601,20 +9737,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,17 +9758,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4641,28 +9777,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +9811,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +9837,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,37 +9865,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -4762,17 +9903,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4781,28 +9922,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4810,17 +9956,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4836,21 +9982,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4864,66 +10010,72 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -4932,28 +10084,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4961,17 +10113,23 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4979,7 +10137,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4987,21 +10145,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5015,29 +10173,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5047,39 +10190,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5087,54 +10230,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0094 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +10291,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { 
@@ -5170,14 +10319,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5187,39 +10347,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5227,47 +10387,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5282,21 +10456,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5310,13 +10484,13 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5327,39 +10501,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5367,57 +10541,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5425,21 +10597,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5453,25 +10625,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5481,39 +10642,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5521,50 +10682,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5579,21 +10738,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5607,23 +10766,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5635,105 +10794,87 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + 
"https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5741,7 +10882,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5749,24 +10890,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5780,14 +10918,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5797,38 +10950,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -5837,60 +10996,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -5906,21 +11073,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +11101,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5951,17 +11118,17 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { "baseScore": 6.1, "exploitabilityScore": 1.9, @@ -5972,24 +11139,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -5997,72 +11158,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + 
"cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6070,21 +11214,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6098,14 +11242,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6115,134 +11264,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6250,54 +11304,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6305,21 +11360,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6336,11 +11391,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6350,139 +11410,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6490,24 +11506,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6521,14 +11534,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6538,37 +11556,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6578,45 +11596,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6625,7 +11644,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6633,21 +11652,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6664,11 +11683,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6678,20 +11702,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -6699,23 +11723,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6724,53 +11742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6778,7 +11790,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6786,21 +11798,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6814,14 +11826,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6831,139 +11848,185 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "name": "util-linux", + "version": "0:2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. 
When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6972,52 +12035,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7025,7 +12083,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7033,21 +12091,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7061,14 +12119,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7078,100 +12151,104 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -7187,21 +12264,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7215,103 +12295,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + 
"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7327,21 +12425,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7355,58 +12456,64 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7417,44 +12524,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7464,7 +12585,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7472,21 +12593,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7500,19 +12621,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7522,38 +12638,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7562,46 +12678,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7609,7 +12738,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7617,21 +12746,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7645,19 +12774,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7667,39 +12791,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7707,47 +12837,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7762,21 +12912,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7790,17 +12940,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7812,20 +12968,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7833,65 +12989,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7899,7 +13079,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7907,21 +13087,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7938,16 +13118,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7957,86 +13132,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8052,21 +13255,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
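Review bot: The `matchDetails` entry in the `@@ -8052,21 +13255,24 @@` hunk records CVE-2025-11187 against `openssl` `1:3.5.1-4.el9_7` with `versionConstraint` `< 1:3.5.1-7.el9_7 (rpm)` and `suggestedVersion` `1:3.5.1-7.el9_7`, so unlike the `not-fixed` and `wont-fix` entries around it, this finding can be cleared by a package update. The neighbouring hunks show the same state for `openssl-libs` and cite RHSA-2026:1473, with the fix first observed on 2026-01-28, before the 2026-02-02 EPSS date in this refresh. The refreshed report should come with an image rebuild that picks up the fixed package; nothing visible here shows whether that is tracked elsewhere. The computed `risk` for these entries is small (`0.006659999999999999`) because EPSS is 0.00012, so triage that sorts on `risk` alone would rank this fixable stack buffer overflow near the bottom; filtering on `"state": "fixed"` as well would surface it.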
@@ -8080,109 +13286,131 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. 
This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8198,21 +13426,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8226,70 +13457,66 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - 
"epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8298,47 +13525,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] 
@@ -8354,21 +13594,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8382,13 +13622,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8399,87 +13639,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8487,7 +13744,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8495,21 +13752,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8523,115 +13783,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - 
"dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8647,21 +13913,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8675,76 +13944,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8753,44 +14012,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8798,23 +14054,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8830,21 +14080,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -8858,13 +14108,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8875,39 +14125,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -8915,52 +14165,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -8975,21 +14220,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9003,37 +14248,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9041,17 +14286,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9060,51 +14305,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9112,7 +14352,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9120,21 +14360,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9148,66 +14388,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libexpat. 
This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9216,52 +14445,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9269,7 +14504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9277,21 +14512,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { 
@@ -9299,31 +14534,20 @@ "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9333,39 +14557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9373,61 +14597,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9442,21 +14663,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9470,13 +14691,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9487,20 +14708,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9508,18 +14729,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9527,41 +14748,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9569,18 +14777,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9595,21 +14803,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9623,13 +14831,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9640,44 +14848,38 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], 
@@ -9686,66 +14888,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -9753,7 +14939,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9761,21 +14947,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9789,25 +14975,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9817,118 +14992,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9936,21 +15088,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9964,14 +15116,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9981,39 +15144,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -10021,68 +15184,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10090,21 +15240,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10118,14 +15268,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10135,38 +15296,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10175,59 +15336,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005225000000000001 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10243,21 +15404,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10271,13 +15432,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10288,98 +15449,101 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] 
}, - "advisories": [], - "risk": 0.004129999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. 
Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10395,21 +15559,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10423,89 +15590,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10520,21 +15717,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10548,48 +15748,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10597,58 +15797,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10656,21 +15889,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10684,127 +15920,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10812,7 +16042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10820,21 +16050,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10848,46 +16081,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10901,37 +16145,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10948,21 +16188,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10976,13 +16216,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11210,7 +16450,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11322,6 +16562,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11382,92 +16625,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index 639bc57..01d6942 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md 
@@ -5,20 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | 
@@ -26,56 +35,79 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | 
[CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 
3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | 
Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index d32c29c..216c30f 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
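Review bot: The refreshed scan adds CVE-2025-15467 against `openssl` and, in the next hunk, `openssl-libs` at `1:3.5.1-4.el9_7`, and unlike the neighbouring `not-fixed`/`wont-fix` entries it carries `"state": "fixed"` with `"suggestedVersion": "1:3.5.1-7.el9_7"` (RHSA-2026:1473), yet nothing visible in this diff records a package update or an accepted-risk decision. Red Hat rates it High and the NVD record rates it Critical (base score 9.8), but its `risk` value of 0.33475499999999997 is lower than the 0.7403299999999999 given to the Low-severity CVE-2023-2953 entry, so triage that sorts on `risk` alone will understate it. Whether the agent ever parses untrusted CMS or PKCS#7 content cannot be told from this report, so the safe course is to rebuild the image on the fixed openssl build and regenerate this file, or to document the exception next to it.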
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,37 +3977,4508 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": 
"sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + 
"cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + 
"cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034499999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... 
because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + 
"namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + 
"exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. 
This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB 
and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. 
This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the 
peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": 
"redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. 
A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": 
"1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call 
SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. 
Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024475000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", 
+ "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": 
"ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + 
"baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": 
"6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0234 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + 
"description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": 
"3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": 
"rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. 
When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + 
"type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + 
"purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + 
"versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + 
], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. 
curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": 
[], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3623,17 +8486,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -3642,19 +8505,177 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.017085 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative 
input.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "nvd@nist.gov", @@ -3671,25 +8692,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +8718,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,48 +8749,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3774,36 +8787,60 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3816,17 +8853,25 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +8879,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,98 +8910,167 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. 
(For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +9078,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -3989,25 +9109,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,31 +9126,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4049,49 +9166,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +9235,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -4127,25 +9263,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,38 +9280,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4195,46 +9320,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.014069999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. 
The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4250,21 +9375,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4278,13 +9403,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +9420,45 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,54 +9466,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - 
"cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4390,21 +9539,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,25 +9567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4446,38 +9584,44 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], 
@@ -4486,46 +9630,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. 
This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -4533,7 +9684,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4541,21 +9692,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -4569,29 +9720,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4601,20 +9737,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,17 +9758,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4641,28 +9777,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +9811,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +9837,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,37 +9865,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -4762,17 +9903,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4781,28 +9922,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4810,17 +9956,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4836,21 +9982,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4864,66 +10010,72 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -4932,28 +10084,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4961,17 +10113,23 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4979,7 +10137,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4987,21 +10145,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5015,29 +10173,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5047,39 +10190,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5087,54 +10230,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0094 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +10291,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { 
@@ -5170,14 +10319,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5187,39 +10347,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5227,47 +10387,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5282,21 +10456,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5310,13 +10484,13 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5327,39 +10501,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5367,57 +10541,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5425,21 +10597,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5453,25 +10625,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5481,39 +10642,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5521,50 +10682,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5579,21 +10738,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5607,23 +10766,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5635,105 +10794,87 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + 
"https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5741,7 +10882,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5749,24 +10890,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5780,14 +10918,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5797,38 +10950,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -5837,60 +10996,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -5906,21 +11073,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +11101,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5951,17 +11118,17 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { "baseScore": 6.1, "exploitabilityScore": 1.9, @@ -5972,24 +11139,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -5997,72 +11158,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + 
"cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6070,21 +11214,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6098,14 +11242,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6115,134 +11264,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6250,54 +11304,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6305,21 +11360,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6336,11 +11391,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6350,139 +11410,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6490,24 +11506,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6521,14 +11534,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6538,37 +11556,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6578,45 +11596,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6625,7 +11644,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6633,21 +11652,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6664,11 +11683,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6678,20 +11702,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -6699,23 +11723,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6724,53 +11742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6778,7 +11790,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6786,21 +11798,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6814,14 +11826,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6831,139 +11848,185 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.4" - } + "name": "util-linux", + "version": "0:2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. 
When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6972,52 +12035,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7025,7 +12083,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7033,21 +12091,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7061,14 +12119,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7078,100 +12151,104 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -7187,21 +12264,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7215,103 +12295,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + 
"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7327,21 +12425,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7355,58 +12456,64 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7417,44 +12524,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7464,7 +12585,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7472,21 +12593,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7500,19 +12621,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7522,38 +12638,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7562,46 +12678,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7609,7 +12738,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7617,21 +12746,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7645,19 +12774,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7667,39 +12791,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7707,47 +12837,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7762,21 +12912,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7790,17 +12940,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7812,20 +12968,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7833,65 +12989,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7899,7 +13079,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7907,21 +13087,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7938,16 +13118,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7957,86 +13132,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8052,21 +13255,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8080,109 +13286,131 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. 
This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8198,21 +13426,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8226,70 +13457,66 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - 
"epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8298,47 +13525,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] 
@@ -8354,21 +13594,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8382,13 +13622,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8399,87 +13639,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8487,7 +13744,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8495,21 +13752,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8523,115 +13783,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - 
"dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8647,21 +13913,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8675,76 +13944,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8753,44 +14012,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8798,23 +14054,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8830,21 +14080,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -8858,13 +14108,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8875,39 +14125,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -8915,52 +14165,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -8975,21 +14220,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9003,37 +14248,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9041,17 +14286,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9060,51 +14305,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9112,7 +14352,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9120,21 +14360,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9148,66 +14388,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libexpat. 
This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9216,52 +14445,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9269,7 +14504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9277,21 +14512,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { 
@@ -9299,31 +14534,20 @@ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9333,39 +14557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9373,61 +14597,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9442,21 +14663,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9470,13 +14691,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9487,20 +14708,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9508,18 +14729,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9527,41 +14748,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9569,18 +14777,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9595,21 +14803,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9623,13 +14831,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9640,44 +14848,38 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], 
@@ -9686,66 +14888,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -9753,7 +14939,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9761,21 +14947,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9789,25 +14975,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9817,118 +14992,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9936,21 +15088,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9964,14 +15116,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9981,39 +15144,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -10021,68 +15184,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10090,21 +15240,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10118,14 +15268,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10135,38 +15296,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10175,59 +15336,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005225000000000001 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10243,21 +15404,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10271,13 +15432,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10288,98 +15449,101 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] 
}, - "advisories": [], - "risk": 0.004129999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. 
Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10395,21 +15559,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10423,89 +15590,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10520,21 +15717,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10548,48 +15748,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10597,58 +15797,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10656,21 +15889,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10684,127 +15920,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10812,7 +16042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10820,21 +16050,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10848,46 +16081,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10901,37 +16145,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10948,21 +16188,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10976,13 +16216,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11210,7 +16450,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11322,6 +16562,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11382,92 +16625,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index 8bb2d83..bf77225 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md 
@@ -5,20 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | 
@@ -26,56 +35,79 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | 
[CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 
3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | 
Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-26.1.1.json b/docs/security/agent/grype-26.1.1.json index 9cb737a..7caf0e6 100644 --- a/docs/security/agent/grype-26.1.1.json +++ b/docs/security/agent/grype-26.1.1.json 
@@ -2,88 +2,80 @@ "matches": [ { "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.7403299999999999 + "risk": 
0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} }, 
@@ -91,10 +83,10 @@ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -102,37 +94,25 @@ ], "epss": [ { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", + "cve": "CVE-2024-9681", + "cwe": "CWE-697", "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -140,21 +120,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-2953", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { 
@@ -168,14 +148,25 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "MIT" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -185,31 +176,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -217,44 +216,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.974625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making 
it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. 
This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2024-9681", + "epss": 0.02825, + "percentile": 0.85865, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -275,14 +300,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ 
@@ -300,16 +325,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", 
@@ -325,83 +350,137 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 + }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - 
"risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.76934, - "date": "2026-01-26" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.80612, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -409,21 +488,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2023-2953", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -437,25 +516,14 @@ ], "language": "", "licenses": [ - "MIT" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -487,9 +555,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -505,7 +573,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -553,9 +621,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -656,9 +724,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ 
@@ -674,7 +742,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.38346 + "risk": 0.40504 }, "relatedVulnerabilities": [ { @@ -722,9 +790,9 @@ "epss": [ { "cve": "CVE-2024-7264", - "epss": 0.00924, - "percentile": 0.75555, - "date": "2026-01-26" + "epss": 0.00976, + "percentile": 0.76387, + "date": "2026-02-02" } ], "cwes": [ @@ -826,8 +894,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ @@ -882,8 +950,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74369, - "date": "2026-01-26" + "percentile": 0.74499, + "date": "2026-02-02" } ], "cwes": [ 
@@ -951,86 +1019,105 @@ }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + 
"version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.22366 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00422, - "percentile": 0.61533, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14087", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -1046,21 +1133,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -1074,127 +1164,266 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15467", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. 
This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.20009999999999997 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.33475499999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - 
"http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. 
If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. 
While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + 
"licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. 
A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.32084500000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 
3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1215,7 +1444,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } 
@@ -1265,39 +1494,31 @@ }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ], "fix": { 
@@ -1305,70 +1526,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.32084500000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been 
previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68306, - "date": "2026-01-26" - } - ], - 
"cwes": [ - { - "cve": "CVE-2024-9681", - "cwe": "CWE-697", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-11053", + "epss": 0.00721, + "percentile": 0.72128, + "date": "2026-02-02" } ] } @@ -1389,7 +1584,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -1462,8 +1657,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1511,8 +1706,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1603,8 +1798,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ @@ -1652,8 +1847,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62301, - "date": "2026-01-26" + "percentile": 0.62438, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1732,39 +1927,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -1772,47 +1967,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.097555 + "risk": 0.18656000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in GLib (Gnome Lib). 
This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00179, - "percentile": 0.39644, - "date": "2026-01-26" + "cve": "CVE-2025-14087", + "epss": 0.00352, + "percentile": 0.5719, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14087", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1827,21 +2022,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -1855,13 +2050,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -1872,45 +2067,39 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -1918,66 +2107,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08233999999999998 + "risk": 0.13132 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in GLib. 
An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39609, - "date": "2026-01-26" + "cve": "CVE-2025-3360", + "epss": 0.00392, + "percentile": 0.59796, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -1998,7 +2169,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } 
@@ -2037,44 +2208,38 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -2083,73 +2248,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. 
This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44061, - "date": "2026-01-26" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39684, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2171,7 +2309,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } 
@@ -2210,20 +2348,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2231,16 +2369,22 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2250,58 +2394,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "namespace": "nvd:cpe", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39649, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2310,7 +2460,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -2318,21 +2468,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2346,19 +2496,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2368,37 +2513,43 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -2408,58 +2559,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.065875 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": 
"cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.44166, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", "source": "nvd@nist.gov", "type": "Primary" } @@ -2468,7 +2633,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2476,21 +2641,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -2504,19 +2669,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -2526,50 +2686,38 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24881", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "nvd@nist.gov", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", "type": "Primary" } ], 
@@ -2578,46 +2726,198 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.06552000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2026-24881", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24881", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://dev.gnupg.org/T8044", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. 
This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "cve@mitre.org", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, + "cve": "CVE-2026-24881", + "epss": 0.00084, + "percentile": 0.2449, + "date": "2026-02-02" + } + ], + "cwes": [ { - "source": "cna@vuldb.com", + "cve": "CVE-2026-24881", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-24881", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + 
"cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.4197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.062369999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in 
libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", @@ -2645,8 +2945,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41901, - "date": "2026-01-26" + "percentile": 0.4197, + "date": "2026-02-02" } ], "cwes": [ @@ -2749,8 +3049,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2808,8 +3108,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2900,8 +3200,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ @@ -2959,8 +3259,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.31967, - "date": "2026-01-26" + "percentile": 0.31947, + "date": "2026-02-02" } ], "cwes": [ 
@@ -3039,69 +3339,86 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03618 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": 
"https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. 
When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3109,17 +3426,17 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00108, - "percentile": 0.29504, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -3135,21 +3452,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3163,37 +3483,37 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. 
The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3201,65 +3521,83 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.034499999999999996 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038715000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.1881, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3267,7 +3605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3275,21 +3613,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3303,29 +3644,40 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. 
A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", 
@@ -3341,49 +3693,65 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can 
only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3391,18 +3759,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22939, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3417,21 +3785,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3445,80 +3816,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. 
This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.038270000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + 
"https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3531,25 +3920,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3557,21 +3946,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3585,37 +3977,4508 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": 
"sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + 
"cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.035339999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + 
"cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034499999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + ], + "description": "A flaw was found in glib. 
This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... 
because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22875, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-45322", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was 
found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + 
"matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "0:10.40-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.032785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" + ], + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.236, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "pcre2", + "version": "10.40-6.el9" + }, + 
"namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-41409", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + 
"exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. 
This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB 
and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. 
This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026700000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the 
peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": 
"redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. 
A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": 
"1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15468", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15468", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. 
This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call 
SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. 
Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024475000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", 
+ "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": 
"ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + 
"baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.1575, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": 
"6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0234 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. 
This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00045, + "percentile": 0.13544, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + 
"description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": 
"3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. 
If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": 
"rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glibc. 
When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02314 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + 
"type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + 
"purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + 
"versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + 
], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:7.76.1-35.el9_7.3" + ], + "state": "fixed", + "available": [ + { + "version": "0:7.76.1-35.el9_7.3", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1350", + "link": "https://access.redhat.com/errata/RHSA-2026:1350" + } + ], + "risk": 0.022144999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. 
curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00043, + "percentile": 0.12767, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "< 0:7.76.1-35.el9_7.3 (rpm)" + }, + "fix": { + "suggestedVersion": "0:7.76.1-35.el9_7.3" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.02125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + 
] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gcc", + "version": "11.5.0-11.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": 
"exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was 
found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + 
"vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + 
"cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0207 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + ], + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. 
Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1484", + "epss": 0.00045, + "percentile": 0.13639, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": 
[], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. 
This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.2081, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + 
"severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. 
This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.1834, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + 
"description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.017145 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/errata/RHSA-2026:1323", + "https://access.redhat.com/errata/RHSA-2026:1324", + "https://access.redhat.com/errata/RHSA-2026:1326", + "https://access.redhat.com/errata/RHSA-2026:1327", + "https://access.redhat.com/errata/RHSA-2026:1465", + "https://access.redhat.com/errata/RHSA-2026:1608", + "https://access.redhat.com/errata/RHSA-2026:1624", + 
"https://access.redhat.com/errata/RHSA-2026:1625", + "https://access.redhat.com/errata/RHSA-2026:1626", + "https://access.redhat.com/errata/RHSA-2026:1627", + "https://access.redhat.com/errata/RHSA-2026:1652", + "https://access.redhat.com/errata/RHSA-2026:1736", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00027, + "percentile": 0.06874, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + 
"type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3623,17 +8486,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", + "cve": "CVE-2026-0988", "cwe": "CWE-190", - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary" } ], 
@@ -3642,19 +8505,177 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.017085 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00051, + "percentile": 0.15823, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", 
+ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. 
The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative 
input.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "nvd@nist.gov", @@ -3671,25 +8692,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23676, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3697,21 +8718,24 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3725,48 +8749,37 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in OpenSSL. 
This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3774,36 +8787,60 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024475000000000007 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.015200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -3816,17 +8853,25 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -3834,21 +8879,24 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -3862,98 +8910,167 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. 
This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.014535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. 
(For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-68973", + "epss": 0.00019, + "percentile": 0.04026, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3961,21 +9078,24 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -3989,25 +9109,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4017,31 +9126,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { 
@@ -4049,49 +9166,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15816, - "date": "2026-01-26" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08073, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4099,21 +9235,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -4127,25 +9263,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4155,38 +9280,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -4195,46 +9320,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.014069999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. 
The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2025-7039", + "epss": 0.00042, + "percentile": 0.12575, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4250,21 +9375,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -4278,13 +9403,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -4295,39 +9420,45 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4335,54 +9466,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.05882, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - 
"cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4390,21 +9539,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { 
@@ -4418,25 +9567,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4446,38 +9584,44 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], 
@@ -4486,46 +9630,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02314 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. 
This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -4533,7 +9684,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4541,21 +9692,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { 
@@ -4569,29 +9720,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -4601,20 +9737,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,17 +9758,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4641,28 +9777,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4670,17 +9811,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4696,21 +9837,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4724,37 +9865,37 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. 
This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -4762,17 +9903,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], 
@@ -4781,28 +9922,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.009455 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4810,17 +9956,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4836,21 +9982,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -4864,66 +10010,72 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": 
"https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). 
Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -4932,28 +10084,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4961,17 +10113,23 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03549, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4979,7 +10137,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4987,21 +10145,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5015,29 +10173,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5047,39 +10190,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5087,54 +10230,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.0094 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20874, - "date": "2026-01-26" + "cve": "CVE-2025-5278", + "epss": 0.0002, + "percentile": 0.04423, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5142,21 +10291,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { 
@@ -5170,14 +10319,25 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5187,39 +10347,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -5227,47 +10387,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18375, - "date": "2026-01-26" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06662, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5282,21 +10456,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -5310,13 +10484,13 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5327,39 +10501,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5367,57 +10541,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5425,21 +10597,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5453,25 +10625,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5481,39 +10642,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { 
@@ -5521,50 +10682,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. 
A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10941, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5579,21 +10738,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5607,23 +10766,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", 
@@ -5635,105 +10794,87 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. 
This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.015875 + "advisories": [], + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/errata/RHSA-2026:0975", - "https://access.redhat.com/errata/RHSA-2026:0991", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + 
"https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00025, - "percentile": 0.05997, - "date": "2026-01-26" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13601", + "cve": "CVE-2026-0861", "cwe": "CWE-190", - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5741,7 +10882,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5749,24 +10890,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { 
@@ -5780,14 +10918,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -5797,38 +10950,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], 
@@ -5837,60 +10996,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. 
This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08092, - "date": "2026-01-26" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04155, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -5906,21 +11073,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +11101,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -5951,17 +11118,17 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { "baseScore": 6.1, "exploitabilityScore": 1.9, @@ -5972,24 +11139,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { 
@@ -5997,72 +11158,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08489, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-4156", + 
"cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6070,21 +11214,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6098,14 +11242,19 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6115,134 +11264,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "26.1.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { 
@@ -6250,54 +11304,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11451, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6305,21 +11360,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6336,11 +11391,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6350,139 +11410,95 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": 
[], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02842, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -6490,24 +11506,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6521,14 +11534,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6538,37 +11556,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } 
@@ -6578,45 +11596,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08946, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6625,7 +11644,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6633,21 +11652,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6664,11 +11683,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6678,20 +11702,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -6699,23 +11723,17 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6724,53 +11742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-14104", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6778,7 +11790,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6786,21 +11798,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -6814,14 +11826,19 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -6831,139 +11848,185 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.008324999999999997 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": 
"Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "26.1.1" - } + "name": "util-linux", + "version": "0:2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. 
When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -6972,52 +12035,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.008324999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. 
This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03504, - "date": "2026-01-26" + "cve": "CVE-2025-14104", + "epss": 0.00015, + "percentile": 0.02436, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7025,7 +12083,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7033,21 +12091,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { 
@@ -7061,14 +12119,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7078,100 +12151,104 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + 
"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.0664, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -7187,21 +12264,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7215,103 +12295,121 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. 
The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007650000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + 
"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7327,21 +12425,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -7355,58 +12456,64 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. 
This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" 
@@ -7417,44 +12524,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. 
This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04881, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" @@ -7464,7 +12585,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7472,21 +12593,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { 
@@ -7500,19 +12621,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7522,38 +12638,38 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -7562,46 +12678,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 
0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06098, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7609,7 +12738,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7617,21 +12746,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7645,19 +12774,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7667,39 +12791,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7707,47 +12837,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.03696, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7762,21 +12912,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { 
@@ -7790,17 +12940,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", 
@@ -7812,20 +12968,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} 
@@ -7833,65 +12989,89 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01682, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -7899,7 +13079,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -7907,21 +13087,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7938,16 +13118,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -7957,86 +13132,114 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. 
The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + 
"type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8052,21 +13255,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8080,109 +13286,131 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. 
This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + 
"https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02693, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8198,21 +13426,24 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8226,70 +13457,66 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - 
"epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8298,47 +13525,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] 
@@ -8354,21 +13594,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8382,13 +13622,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8399,87 +13639,104 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + 
"state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8487,7 +13744,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8495,21 +13752,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8523,115 +13783,121 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68160", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the glibc library. 
Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00888 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.00539 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - 
"dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8647,21 +13913,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -8675,76 +13944,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": 
"pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], 
@@ -8753,44 +14012,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. 
This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8798,23 +14054,17 @@ ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04089, - "date": "2026-01-26" + "percentile": 0.03981, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8830,21 +14080,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { 
@@ -8858,13 +14108,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -8875,39 +14125,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24882", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). 
A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -8915,52 +14165,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00477 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8045", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24882", + "epss": 0.00006, + "percentile": 0.00325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-24882", + "cwe": "CWE-121", + "source": "cve@mitre.org", + "type": "Primary" } ] } 
@@ -8975,21 +14220,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24882", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9003,37 +14248,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9041,17 +14286,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9060,51 +14305,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.004689999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" + "cve": "CVE-2026-24883", + "epss": 0.00014, + "percentile": 0.01837, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9112,7 +14352,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9120,21 +14360,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -9148,66 +14388,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in libexpat. 
This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -9216,52 +14445,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. 
A malicious input could lead to a crash or leak sensitive data.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03788, - "date": "2026-01-26" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.0213, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9269,7 +14504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9277,21 +14512,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { 
@@ -9299,31 +14534,20 @@ "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9333,39 +14557,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ], "fix": { 
@@ -9373,61 +14597,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007245 + "risk": 0.003835 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": 
"CVE-2025-5918", - "epss": 0.00021, - "percentile": 0.04833, - "date": "2026-01-26" + "cve": "CVE-2026-24515", + "epss": 0.00013, + "percentile": 0.01679, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Primary" } ] } @@ -9442,21 +14663,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -9470,13 +14691,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9487,20 +14708,20 @@ }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9508,18 +14729,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { 
@@ -9527,41 +14748,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.0037699999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. 
Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9569,18 +14777,18 @@ ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06111, - "date": "2026-01-26" + "cve": "CVE-2026-1485", + "epss": 0.00013, + "percentile": 0.01772, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9595,21 +14803,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { 
@@ -9623,13 +14831,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -9640,44 +14848,38 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ], 
@@ -9686,66 +14888,50 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.0034999999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.03645, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", "type": "Primary" } ] @@ -9753,7 +14939,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9761,21 +14947,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { 
@@ -9789,25 +14975,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9817,118 +14992,95 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. 
Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01623, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -9936,21 +15088,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -9964,14 +15116,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -9981,39 +15144,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. 
This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -10021,68 +15184,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. 
This bug affects libarchive versions prior to 3.8.0.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05107, - "date": "2026-01-26" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00378, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { 
@@ -10090,21 +15240,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -10118,14 +15268,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, 
@@ -10135,38 +15296,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], 
@@ -10175,59 +15336,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005225000000000001 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). 
This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00019, - "percentile": 0.03925, - "date": "2026-01-26" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00288, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -10243,21 +15404,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { 
@@ -10271,13 +15432,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { 
@@ -10288,98 +15449,101 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] 
}, - "advisories": [], - "risk": 0.004129999999999999 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. 
Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02057, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", - "source": "cve@mitre.org", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -10395,21 +15559,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10423,89 +15590,119 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15469", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. 
This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0021250000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with 
libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10520,21 +15717,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10548,48 +15748,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was 
found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 4.8, - "exploitabilityScore": 2.3, + "baseScore": 4, + "exploitabilityScore": 1.5, "impactScore": 2.6 }, "vendorMetadata": {} 
@@ -10597,58 +15797,91 @@ ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate 
verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10656,21 +15889,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10684,127 +15920,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. 
This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.002725 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - 
"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00223, - "date": "2026-01-26" + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10812,7 +16042,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10820,21 +16050,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { 
@@ -10848,46 +16081,57 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } 
@@ -10901,37 +16145,33 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. 
Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, + "baseScore": 6.2, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Primary" } @@ -10948,21 +16188,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10976,13 +16216,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11210,7 +16450,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" 
@@ -11322,6 +16562,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -11382,92 +16625,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/agent/grype-26.1.1.md b/docs/security/agent/grype-26.1.1.md index c948f56..af77359 100644 --- a/docs/security/agent/grype-26.1.1.md +++ b/docs/security/agent/grype-26.1.1.md 
@@ -5,20 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | glibc | 
2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | 
@@ -26,56 +35,79 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | 
[CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | 
openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | 
[CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | +| gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 
3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | 
Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-latest.md b/docs/security/agent/grype-latest.md index 3fb237c..a5e3d4d 100644 --- a/docs/security/agent/grype-latest.md +++ b/docs/security/agent/grype-latest.md 
@@ -1,7 +1,8 @@ ## Known agent vulnerabilities -High and critical vulnerabilities not triaged for the latest version (ghcr.io/telemetryforge/agent:26.1.2) of the agent are shown below, as reported by Grype. +High and critical vulnerabilities not triaged for the latest version (ghcr.io/telemetryforge/agent:26.2.1) of the agent are shown below, as reported by Grype. | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | -| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | +| gnupg2 | 2.3.3-5.el9_7 | [CVE-2026-24881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24881) | High | +| gnupg2 | 2.3.3-5.el9_7 | [CVE-2026-24882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24882) | High | diff --git a/docs/security/oss/grype-4.0.14.json b/docs/security/oss/grype-4.0.14.json index 03eee4e..07d05d8 100644 --- a/docs/security/oss/grype-4.0.14.json +++ b/docs/security/oss/grype-4.0.14.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ 
@@ -189,6 +189,186 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:12", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -201,9 +381,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -219,7 +399,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -336,9 +516,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -413,8 +593,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -467,8 +647,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -533,25 +713,25 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -561,60 +741,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.1038 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -631,27 +802,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -660,46 +831,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-20796", - 
"epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -709,21 +871,169 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0746 + "risk": 0.08215 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" + } + ], + "cwes": [ + { + 
"cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openldap", + "version": "2.5.13+dfsg-5" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "namespace": "debian:distro:debian:12", + "severity": 
"Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0746 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { @@ -755,8 +1065,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -850,8 +1160,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -910,8 +1220,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -995,8 +1305,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1055,8 +1365,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1131,8 +1441,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1191,8 +1501,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1272,8 +1582,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1332,8 +1642,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1397,90 +1707,106 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.061950000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -1495,43 +1821,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
@@ -1539,16 +1868,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -1578,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ], "fix": { @@ -1588,7 +1919,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.06283 }, "relatedVulnerabilities": [ { @@ -1622,9 +1953,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ] } 
@@ -1680,155 +2011,25 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0452 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" - ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 7.3, - 
"exploitabilityScore": 3.9, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1838,29 +2039,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, 
@@ -1868,7 +2072,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1879,16 +2083,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -1911,7 +2115,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } 
@@ -1965,81 +2169,113 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.04125 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2047,137 +2283,170 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. 
UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. 
This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2193,132 +2462,152 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - 
"name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03899999999999999 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2339,7 +2628,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } 
@@ -2393,87 +2682,88 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", 
"severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + 
"cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } @@ -2490,27 +2780,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } 
@@ -2519,99 +2809,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } 
@@ -2626,78 +2926,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" 
+ "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2708,15 +2992,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2727,25 +3011,25 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.03075 + "risk": 0.03899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2756,15 +3040,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2788,7 +3072,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } 
@@ -2842,134 +3126,85 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { 
- "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, "advisories": [], - "risk": 0.02013 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.14" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 
(deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "c905f0929b4d792a", + "name": "fluent-bit", + "version": "4.0.14", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -2978,37 +3213,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.14", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3018,32 +3249,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01855 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3051,16 +3294,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } @@ -3083,7 +3326,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } 
@@ -3137,21 +3380,21 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3159,17 +3402,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -3178,29 +3421,28 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.01854 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3208,17 +3450,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] 
@@ -3234,148 +3476,13 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01565 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -3429,39 +3536,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3472,7 +3579,7 @@ "state": "" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3490,7 +3597,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" 
@@ -3524,96 +3631,96 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3621,120 +3728,124 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.011100000000000002 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3742,17 +3853,17 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3760,7 +3871,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3768,127 +3879,161 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - 
"id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": 
"2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3903,27 +4048,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } 
@@ -3932,20 +4080,1012 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + 
"https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": 
"sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + 
"https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + 
"version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, 
+ { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": 
"/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01235 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" + ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was 
found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], 
@@ -3955,8 +5095,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ @@ -4020,8 +5160,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4094,85 +5234,243 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0103 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 
1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, - "vendorMetadata": {} + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.0103 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": 
"nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.0.14" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c905f0929b4d792a", - "name": "fluent-bit", - "version": "4.0.14", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -4181,10 +5479,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { 
@@ -4200,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4248,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4284,15 +5586,15 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -4301,18 +5603,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -4333,8 +5631,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4381,8 +5679,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4417,15 +5715,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4434,9 +5732,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -4446,75 +5744,285 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code 
where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + 
"suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. 
In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4529,71 +6037,90 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4603,45 +6130,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4658,68 +6199,93 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": 
"CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4727,56 +6293,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -4791,27 +6367,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4820,39 +6396,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4860,67 +6442,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4928,98 +6516,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5029,29 +6581,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5060,10 +6611,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, + "baseScore": 1.9, + "exploitabilityScore": 3.4, "impactScore": 2.9 }, "vendorMetadata": {} 
@@ -5071,16 +6622,16 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } @@ -5097,27 +6648,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -5126,37 +6677,46 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "gcc-12" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5166,58 +6726,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5234,94 +6783,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5331,58 +6852,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5391,7 +6901,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5399,89 +6909,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { 
"vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5491,58 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5559,89 +7031,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", 
"upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5651,59 +7100,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5712,7 +7149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5720,135 +7157,110 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": 
[], - "risk": 0.006400000000000001 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5856,24 +7268,18 @@ ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } 
@@ -5888,27 +7294,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } 
@@ -5917,43 +7323,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "systemd" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -5963,64 +7363,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], 
"cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -6029,7 +7410,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6037,27 +7418,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -6066,35 +7447,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", 
- "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6102,59 +7496,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 
0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6169,27 +7551,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -6198,48 +7580,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6247,49 +7620,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6304,27 +7675,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -6333,39 +7704,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6373,56 +7749,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6430,27 +7804,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -6459,35 +7833,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6495,30 +7873,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -6526,18 +7904,18 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6552,27 +7930,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -6581,37 +7959,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "systemd" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6621,47 +7999,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6670,7 +8059,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6678,64 +8067,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6743,47 +8168,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6798,27 +8236,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } 
@@ -6827,48 +8265,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6876,47 +8305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -6931,68 +8373,96 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7000,47 +8470,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7055,73 +8538,91 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7129,47 +8630,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7184,66 +8698,89 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], - "language": "", - "licenses": [], + "language": "", + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": 
"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7253,47 +8790,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00245 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7310,115 +8845,167 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-27587", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-27587", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0023000000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27587", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/issues/24253", - "https://minerva.crocs.fi.muni.cz" - ], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7440,8 +9027,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-27587", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], @@ -7507,8 +9097,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7574,8 +9164,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7656,8 +9246,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7723,8 +9313,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
@@ -7773,7 +9363,113 @@ { "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -7782,10 +9478,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -7800,9 +9500,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7818,7 +9518,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { 
@@ -7850,9 +9550,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7927,8 +9627,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -7982,8 +9682,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8060,116 +9760,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - 
"namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -8183,8 +9773,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8224,8 +9822,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -8278,130 +9884,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -8552,7 +10034,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -8664,6 +10146,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -8724,92 +10209,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.0.14.md b/docs/security/oss/grype-4.0.14.md index 0102cb2..6c66e85 100644 --- a/docs/security/oss/grype-4.0.14.md +++ b/docs/security/oss/grype-4.0.14.md 
@@ -5,21 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium 
| | fluent-bit | 4.0.14 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | 
@@ -27,24 +36,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | 
libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | 
@@ -58,10 +61,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | 
[CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index b2d1b47..e904936 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ 
@@ -189,6 +189,186 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:12", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -201,9 +381,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -219,7 +399,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -336,9 +516,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -413,8 +593,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -467,8 +647,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -559,9 +739,9 @@ "epss": [ { "cve": "CVE-2025-12970", - "epss": 0.00134, - "percentile": 0.33556, - "date": "2026-01-26" + "epss": 0.00156, + "percentile": 0.36682, + "date": "2026-02-02" } ], "cwes": [ @@ -577,7 +757,7 @@ "state": "" }, "advisories": [], - "risk": 0.10921000000000002 + "risk": 0.12714 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -629,25 +809,25 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -657,60 +837,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.1038 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -727,27 +898,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -756,204 +927,133 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" - } + "id": "CVE-2025-12977", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + 
"https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 9.1, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12977", + "epss": 0.00092, + "percentile": 0.2602, + "date": "2026-02-02" + } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12977", + "cwe": "CWE-1287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0746 + "risk": 0.08326 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka 
glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12977", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": 
"sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -963,25 +1063,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.08215 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -993,7 +1096,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1004,16 +1107,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -1030,27 +1133,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -1059,46 +1162,133 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", - "namespace": 
"debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" - } - ], - "cwes": [ + "id": "CVE-2025-12978", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://fluentbit.io/announcements/v4.1.0/" + ], + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. 
This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", + "cvss": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12978", + "epss": 0.00153, + "percentile": 0.36288, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.07955999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12978", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 
2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1108,25 +1298,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, 
@@ -1138,7 +1331,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1149,16 +1342,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1175,41 +1368,60 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } 
@@ -1227,8 +1439,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1287,8 +1499,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1323,15 +1535,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -1340,14 +1552,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1368,8 +1584,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1428,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1464,15 +1680,15 @@ } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1481,9 +1697,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -1493,208 +1709,1314 @@ }, { "vulnerability": { - "id": "CVE-2025-12977", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "metrics": { - "baseScore": 9.1, - "exploitabilityScore": 3.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12977", - "epss": 0.00078, - "percentile": 0.23442, - "date": "2026-01-26" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12977", - "cwe": "CWE-1287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.07059 + "risk": 0.07425000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80743, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + 
"cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80743, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80743, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + 
"id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed 
TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": 
"3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. 
That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10148", + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.06283 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" + ], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. 
That cached poisoned content could then be\nserved to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10148", + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.061950000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": 
"/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. 
This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12972", + "epss": 0.00098, + "percentile": 0.27281, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12972", + "cwe": "CWE-22", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.050469999999999994 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12972", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12969", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", + "namespace": "nvd:cpe", + "severity": "Medium", + 
"urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12969", + "epss": 0.00082, + "percentile": 0.24186, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12969", + "cwe": "CWE-306", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.04715 + }, + "relatedVulnerabilities": [], "matchDetails": [ { "type": "cpe-match", "matcher": "stock-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12969", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": 
"fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing 
signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12977", - "versionConstraint": "= 4.1.0 
(unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12978", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - 
"https://fluentbit.io/announcements/v4.1.0/" - ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12978", - "epss": 0.00131, - "percentile": 0.33181, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.06812 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + 
"namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. 
Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12978", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": 
"4.1.0", - "type": "binary", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1704,32 +3026,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.061950000000000005 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, 
@@ -1737,7 +3056,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1748,16 +3067,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1780,7 +3099,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } 
@@ -1834,307 +3153,125 @@ }, { "vulnerability": { - "id": "CVE-2025-12969", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12969", - "epss": 0.00106, - "percentile": 0.291, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12969", - "cwe": "CWE-306", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.06094999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-12969", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, - { - "vulnerability": { - 
"id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" - } - ], "fix": { "versions": [], "state": "wont-fix" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + 
"http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", 
- "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. 
This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12972", - "epss": 0.00093, - "percentile": 0.26428, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12972", - "cwe": "CWE-22", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.047895 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12972", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": 
"/var/lib/dpkg/status.d/libtasn1-6", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } 
@@ -2143,89 +3280,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0452 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "When libcurl is asked to perform automatic gzip decompression 
of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 3.9, - "impactScore": 3.4 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } 
@@ -2240,27 +3397,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } 
@@ -2269,99 +3429,100 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.03899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated 
by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -2382,7 +3543,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } 
@@ -2436,21 +3597,23 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2458,87 +3621,61 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.04125 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + 
"version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -2547,109 +3684,99 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "purl": "pkg:github/fluent/fluent-bit@4.1.0", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.040330000000000005 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -2664,62 +3791,78 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": 
"postgresql-15" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2730,15 +3873,15 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2026-0915", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2749,25 +3892,25 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.03899999999999999 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2778,15 +3921,15 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2026-0915", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2810,7 +3953,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -2862,6 +4005,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + 
"cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2874,9 +4112,9 @@ "epss": [ { "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ 
@@ -2888,72 +4126,223 @@ } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": 
"1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.033100000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2961,128 +4350,187 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - 
"id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. 
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0323 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.02325 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - 
"https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-9230", + "epss": 0.00031, + "percentile": 0.08541, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3097,43 +4545,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
@@ -3141,103 +4592,113 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03075 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to 
the configured DNS resolver.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] 
@@ -3253,182 +4714,123 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + 
"name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. 
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.02175 + "advisories": [], + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", 
"namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. 
For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.07932, - "date": "2026-01-26" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -3443,46 +4845,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } 
@@ -3490,113 +4889,104 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. 
This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. 
A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] 
@@ -3612,30 +5002,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -3644,91 +5031,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. 
Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.01855 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.016895 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - 
"http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. 
However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2025-9232", + "epss": 0.00031, + "percentile": 0.08597, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -3743,43 +5158,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
@@ -3787,28 +5205,30 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -3825,18 +5245,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3844,20 +5264,21 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.01854 + "risk": 0.015965 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
@@ -3874,18 +5295,18 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3906,7 +5327,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } @@ -3952,8 +5373,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "percentile": 0.54168, + "date": "2026-02-02" } ], "fix": { @@ -4019,8 +5440,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "percentile": 0.54168, + "date": "2026-02-02" } ] } 
@@ -4053,203 +5474,25 @@ "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. 
In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.01526 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - 
"https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. 
For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07303, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" - } - } - ], - "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": 
"sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } 
@@ -4257,117 +5500,20 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.013649999999999999 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - 
"cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2026-0861", @@ -4394,8 +5540,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ @@ -4443,8 +5589,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "percentile": 0.02667, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4527,27 +5673,27 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -4555,58 +5701,63 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.01235 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4614,27 +5765,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-2379", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -4643,79 +5794,72 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4723,25 +5867,25 @@ ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4749,27 +5893,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -4778,14 +5922,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { @@ -4801,8 +5941,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ @@ -4866,8 +6006,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4940,85 +6080,243 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0103 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 
1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, - "vendorMetadata": {} + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.0103 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": 
"nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5027,10 +6325,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { 
@@ -5046,8 +6348,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -5094,8 +6396,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -5130,15 +6432,15 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -5147,18 +6449,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5179,8 +6477,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -5227,8 +6525,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ 
@@ -5263,15 +6561,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5280,9 +6578,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -5292,75 +6590,285 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 
file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + 
"namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. 
The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-68160", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -5375,71 +6883,90 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5449,45 +6976,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5504,68 +7045,93 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": 
"CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5573,56 +7139,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -5637,27 +7213,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -5666,39 +7242,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5706,67 +7288,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5774,98 +7362,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5875,29 +7427,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5906,10 +7457,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, + "baseScore": 1.9, + "exploitabilityScore": 3.4, "impactScore": 2.9 }, "vendorMetadata": {} 
@@ -5917,16 +7468,16 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } @@ -5943,27 +7494,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -5972,37 +7523,46 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "gcc-12" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6012,58 +7572,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6080,94 +7629,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6177,58 +7698,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -6237,7 +7747,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6245,89 +7755,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { 
"vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6337,58 +7820,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6405,89 +7877,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", 
"upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6497,59 +7946,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -6558,7 +7995,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6566,135 +8003,110 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": 
[], - "risk": 0.006400000000000001 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6702,24 +8114,18 @@ ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } 
@@ -6734,27 +8140,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } 
@@ -6763,43 +8169,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "systemd" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -6809,64 +8209,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], 
"cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -6875,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6883,27 +8264,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -6912,35 +8293,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", 
- "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6948,59 +8342,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 
0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7015,27 +8397,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -7044,48 +8426,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -7093,49 +8466,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7150,27 +8521,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -7179,39 +8550,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -7219,56 +8595,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7276,27 +8650,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -7305,35 +8679,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -7341,30 +8719,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -7372,18 +8750,18 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7398,27 +8776,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -7427,37 +8805,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "systemd" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -7467,47 +8845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -7516,7 +8905,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -7524,64 +8913,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7589,47 +9014,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7644,27 +9082,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } 
@@ -7673,48 +9111,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7722,47 +9151,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7777,68 +9219,96 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", 
+ "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7846,47 +9316,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7901,73 +9384,91 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7975,47 +9476,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -8030,66 +9544,89 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], - "language": "", - "licenses": [], + "language": "", + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": 
"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -8099,47 +9636,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00245 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -8156,115 +9691,167 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-27587", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-27587", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0023000000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27587", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/issues/24253", - "https://minerva.crocs.fi.muni.cz" - ], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8286,8 +9873,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-27587", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], @@ -8353,8 +9943,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -8420,8 +10010,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -8502,8 +10092,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -8569,8 +10159,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8619,7 +10209,113 @@ { "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -8628,10 +10324,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -8646,9 +10346,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -8664,7 +10364,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { 
@@ -8696,9 +10396,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -8773,8 +10473,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -8828,8 +10528,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8906,116 +10606,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - 
"namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -9029,8 +10619,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -9070,8 +10668,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -9124,130 +10730,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -9398,7 +10880,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -9510,6 +10992,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -9570,92 +11055,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index 3e91308..56d09f7 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md 
@@ -5,28 +5,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | fluent-bit | 4.1.0 | [CVE-2025-12977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12977) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | fluent-bit | 4.1.0 | [CVE-2025-12978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12978) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | fluent-bit | 4.1.0 | 
[CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) 
| Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | 
@@ -34,24 +43,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | 
libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | 
@@ -65,10 +68,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | 
[CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.1.1.json b/docs/security/oss/grype-4.1.1.json index b6bd9ff..0b4aa1b 100644 --- a/docs/security/oss/grype-4.1.1.json +++ b/docs/security/oss/grype-4.1.1.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ 
@@ -189,6 +189,186 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:12", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -201,9 +381,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -219,7 +399,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -336,9 +516,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
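Review bot: The `CVE-2025-15467` entry added in the `@@ -189,6 +189,186 @@` hunk is a Critical finding with `"state": "fixed"`, yet the scanned `libssl3` artifact is still at `3.0.17-1~deb12u3`, below the recorded `"suggestedVersion": "3.0.18-1~deb12u2"` (DSA-6113-1, listed as available from 2026-01-27). Refreshing the published report without rebuilding the image on the patched Debian 12 package leaves a fixable Critical documented as the current state; whether a rebuild is tracked elsewhere is not visible in this diff. The description limits the overflow to code that parses untrusted CMS or PKCS#7 AuthEnvelopedData, so if the rebuild is deferred, the triage record should state whether the shipped binaries reach that parser. The computed `risk` of 0.36378 sits next to the not-fixed Negligible `CVE-2011-3389` at 0.34195, so any gate on this report should key on `severity` together with `fix.state` rather than on `risk` alone. The `CVE-2025-69420` entry in a later hunk carries the same fix version and advisory and would be cleared by the same package update.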
@@ -413,8 +593,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -467,8 +647,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -533,25 +713,25 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -561,60 +741,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.1038 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -631,27 +802,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -660,46 +831,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-20796", - 
"epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -709,21 +871,169 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0746 + "risk": 0.08215 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" + } + ], + "cwes": [ + { + 
"cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openldap", + "version": "2.5.13+dfsg-5" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "namespace": "debian:distro:debian:12", + "severity": 
"Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0746 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { @@ -755,8 +1065,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -850,8 +1160,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -910,8 +1220,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -995,8 +1305,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1055,8 +1365,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1131,8 +1441,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1191,8 +1501,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1272,8 +1582,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1332,8 +1642,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1397,90 +1707,106 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.061950000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -1495,43 +1821,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
@@ -1539,16 +1868,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -1578,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ], "fix": { @@ -1588,7 +1919,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.06283 }, "relatedVulnerabilities": [ { @@ -1622,9 +1953,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ] } 
@@ -1680,155 +2011,25 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0452 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" - ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 7.3, - 
"exploitabilityScore": 3.9, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1838,29 +2039,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, 
@@ -1868,7 +2072,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1879,16 +2083,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -1911,7 +2115,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } 
@@ -1965,81 +2169,113 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.04125 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2047,137 +2283,170 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. 
UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. 
This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2193,132 +2462,152 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - 
"name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03899999999999999 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2339,7 +2628,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } 
@@ -2393,87 +2682,88 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", 
"severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + 
"cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } @@ -2490,27 +2780,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } 
@@ -2519,99 +2809,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } 
@@ -2626,78 +2926,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" 
+ "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2708,15 +2992,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2727,25 +3011,25 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.03075 + "risk": 0.03899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2756,15 +3040,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2788,7 +3072,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } 
@@ -2842,134 +3126,85 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { 
- "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, "advisories": [], - "risk": 0.02013 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" 
- }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "dd108375663c1956", + "name": "fluent-bit", + "version": "4.1.1", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -2978,37 +3213,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3018,32 +3249,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01855 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3051,16 +3294,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } @@ -3083,7 +3326,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } 
@@ -3137,21 +3380,21 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3159,17 +3402,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -3178,29 +3421,28 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.01854 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3208,17 +3450,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] 
@@ -3234,148 +3476,13 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01565 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -3429,39 +3536,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3472,7 +3579,7 @@ "state": "" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3490,7 +3597,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" 
@@ -3524,96 +3631,96 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3621,120 +3728,124 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.011100000000000002 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3742,17 +3853,17 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3760,7 +3871,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3768,127 +3879,161 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - 
"id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": 
"2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3903,27 +4048,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } 
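Review bot: Both findings introduced in this hunk carry `"state": "fixed"`, so the scanned image ships packages for which Debian already publishes a patched build. `libssl3` at `3.0.17-1~deb12u3` is matched for CVE-2025-69421 with `"suggestedVersion": "3.0.18-1~deb12u2"`, and the hunk that follows shows `libpq5` at `15.14-0+deb12u1` against `"suggestedVersion": "15.15-0+deb12u1"` for CVE-2025-12817. Unlike the `wont-fix` and `not-fixed` glibc and libgcrypt entries elsewhere in this diff, these two can be closed by rebuilding the image on refreshed base packages and regenerating the report. The file looks like scanner output, so the remedy is a rebuild and rescan, not a hand edit of these lines.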
@@ -3932,20 +4080,1012 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + 
"https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": 
"sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + 
"https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + 
"version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, 
+ { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": 
"/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01235 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" + ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was 
found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], 
@@ -3955,8 +5095,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ @@ -4020,8 +5160,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4094,85 +5234,243 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0103 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 
1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, - "vendorMetadata": {} + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.0103 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": 
"nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.1" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd108375663c1956", - "name": "fluent-bit", - "version": "4.1.1", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -4181,10 +5479,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { 
@@ -4200,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4248,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4284,15 +5586,15 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -4301,18 +5603,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -4333,8 +5631,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4381,8 +5679,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4417,15 +5715,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4434,9 +5732,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -4446,75 +5744,285 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code 
where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + 
"suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. 
In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4529,71 +6037,90 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4603,45 +6130,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4658,68 +6199,93 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": 
"CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4727,56 +6293,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -4791,27 +6367,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4820,39 +6396,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4860,67 +6442,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4928,98 +6516,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5029,29 +6581,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5060,10 +6611,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, + "baseScore": 1.9, + "exploitabilityScore": 3.4, "impactScore": 2.9 }, "vendorMetadata": {} 
@@ -5071,16 +6622,16 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } @@ -5097,27 +6648,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -5126,37 +6677,46 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "gcc-12" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5166,58 +6726,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5234,94 +6783,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5331,58 +6852,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5391,7 +6901,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5399,89 +6909,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { 
"vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5491,58 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5559,89 +7031,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", 
"upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5651,59 +7100,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5712,7 +7149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5720,135 +7157,110 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": 
[], - "risk": 0.006400000000000001 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5856,24 +7268,18 @@ ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } 
@@ -5888,27 +7294,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } 
@@ -5917,43 +7323,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "systemd" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -5963,64 +7363,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], 
"cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -6029,7 +7410,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6037,27 +7418,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -6066,35 +7447,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", 
- "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6102,59 +7496,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 
0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6169,27 +7551,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -6198,48 +7580,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6247,49 +7620,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6304,27 +7675,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -6333,39 +7704,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6373,56 +7749,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6430,27 +7804,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -6459,35 +7833,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6495,30 +7873,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -6526,18 +7904,18 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6552,27 +7930,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -6581,37 +7959,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "systemd" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6621,47 +7999,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6670,7 +8059,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6678,64 +8067,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6743,47 +8168,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6798,27 +8236,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } 
@@ -6827,48 +8265,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6876,47 +8305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -6931,68 +8373,96 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7000,47 +8470,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7055,73 +8538,91 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7129,47 +8630,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7184,66 +8698,89 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], - "language": "", - "licenses": [], + "language": "", + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": 
"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7253,47 +8790,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00245 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7310,115 +8845,167 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-27587", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-27587", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0023000000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27587", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/issues/24253", - "https://minerva.crocs.fi.muni.cz" - ], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7440,8 +9027,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-27587", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], @@ -7507,8 +9097,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7574,8 +9164,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7656,8 +9246,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7723,8 +9313,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
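Review bot: The CVE-2025-69418 record added in the hunk starting at `@@ -7310,115 +8845,167 @@` is the only finding in this part of the report with a fix available, and the commit records it without noting any follow-up. It carries `"state": "fixed"`, advisory `DSA-6113-1` and, in the next hunk, `"suggestedVersion": "3.0.18-1~deb12u2"` with the constraint `< 3.0.18-1~deb12u2 (deb)`. The libssl3 artifact shown in the same hunk is `3.0.17-1~deb12u3`, so the scanned image presumably still ships the older openssl build; the artifact block for this specific match lies in context the diff does not show. The description limits exposure to callers of the low-level `CRYPTO_ocb128_encrypt()` / `CRYPTO_ocb128_decrypt()` API and states that upstream assessed the issue as Low, so this is a rebuild-on-next-release item rather than an emergency. It would help to track the base-image bump alongside this report refresh, so the published scan does not keep listing a finding that a package update would clear.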
@@ -7773,7 +9363,113 @@ { "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -7782,10 +9478,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -7800,9 +9500,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7818,7 +9518,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { 
@@ -7850,9 +9550,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7927,8 +9627,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -7982,8 +9682,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8060,116 +9760,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - 
"namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -8183,8 +9773,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8224,8 +9822,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -8278,130 +9884,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -8552,7 +10034,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -8664,6 +10146,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -8724,92 +10209,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.1.1.md b/docs/security/oss/grype-4.1.1.md index 9049593..1de0b75 100644 --- a/docs/security/oss/grype-4.1.1.md +++ b/docs/security/oss/grype-4.1.1.md 
@@ -5,21 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | 
| fluent-bit | 4.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | 
@@ -27,24 +36,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | 
libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | 
@@ -58,10 +61,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | 
[CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.1.2.json b/docs/security/oss/grype-4.1.2.json index 3483913..16ddde8 100644 --- a/docs/security/oss/grype-4.1.2.json +++ b/docs/security/oss/grype-4.1.2.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ 
@@ -189,6 +189,186 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:12", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -201,9 +381,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -219,7 +399,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -336,9 +516,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -413,8 +593,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -467,8 +647,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -533,25 +713,25 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -561,60 +741,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.1038 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -631,27 +802,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -660,46 +831,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-20796", - 
"epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -709,21 +871,169 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0746 + "risk": 0.08215 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" + } + ], + "cwes": [ + { + 
"cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openldap", + "version": "2.5.13+dfsg-5" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "namespace": "debian:distro:debian:12", + "severity": 
"Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0746 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { @@ -755,8 +1065,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -850,8 +1160,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -910,8 +1220,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -995,8 +1305,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1055,8 +1365,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1131,8 +1441,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1191,8 +1501,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1272,8 +1582,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1332,8 +1642,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1397,90 +1707,106 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.061950000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -1495,43 +1821,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
@@ -1539,16 +1868,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -1578,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ], "fix": { @@ -1588,7 +1919,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.06283 }, "relatedVulnerabilities": [ { @@ -1622,9 +1953,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ] } 
@@ -1680,155 +2011,25 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0452 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" - ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 7.3, - 
"exploitabilityScore": 3.9, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1838,29 +2039,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, 
@@ -1868,7 +2072,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1879,16 +2083,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -1911,7 +2115,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } 
@@ -1965,81 +2169,113 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.04125 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2047,137 +2283,170 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. 
UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. 
This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2193,132 +2462,152 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - 
"name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03899999999999999 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2339,7 +2628,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } 
@@ -2393,87 +2682,88 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", 
"severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + 
"cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } @@ -2490,27 +2780,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } 
@@ -2519,99 +2809,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } 
@@ -2626,78 +2926,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" 
+ "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2708,15 +2992,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2727,25 +3011,25 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.03075 + "risk": 0.03899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2756,15 +3040,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2788,7 +3072,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } 
@@ -2842,134 +3126,85 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { 
- "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, "advisories": [], - "risk": 0.02013 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" 
- }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "08d2144e99b02e72", + "name": "fluent-bit", + "version": "4.1.2", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -2978,37 +3213,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3018,32 +3249,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01855 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3051,16 +3294,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } @@ -3083,7 +3326,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } 
@@ -3137,21 +3380,21 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3159,17 +3402,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -3178,29 +3421,28 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.01854 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3208,17 +3450,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] 
@@ -3234,148 +3476,13 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01565 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -3429,39 +3536,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3472,7 +3579,7 @@ "state": "" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3490,7 +3597,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" 
@@ -3524,96 +3631,96 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3621,120 +3728,124 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.011100000000000002 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3742,17 +3853,17 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3760,7 +3871,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3768,127 +3879,161 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - 
"id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": 
"2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3903,27 +4048,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } 
@@ -3932,20 +4080,1012 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + 
"https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": 
"sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + 
"https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + 
"version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, 
+ { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": 
"/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01235 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" + ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was 
found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], 
@@ -3955,8 +5095,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ @@ -4020,8 +5160,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4094,85 +5234,243 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0103 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 
1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, - "vendorMetadata": {} + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.0103 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": 
"nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.2" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "08d2144e99b02e72", - "name": "fluent-bit", - "version": "4.1.2", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -4181,10 +5479,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { 
@@ -4200,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4248,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4284,15 +5586,15 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -4301,18 +5603,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -4333,8 +5631,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4381,8 +5679,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4417,15 +5715,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4434,9 +5732,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -4446,75 +5744,285 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code 
where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + 
"suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. 
In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4529,71 +6037,90 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4603,45 +6130,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4658,68 +6199,93 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": 
"CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4727,56 +6293,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -4791,27 +6367,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4820,39 +6396,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4860,67 +6442,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4928,98 +6516,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5029,29 +6581,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5060,10 +6611,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, + "baseScore": 1.9, + "exploitabilityScore": 3.4, "impactScore": 2.9 }, "vendorMetadata": {} 
@@ -5071,16 +6622,16 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } @@ -5097,27 +6648,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -5126,37 +6677,46 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "gcc-12" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5166,58 +6726,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5234,94 +6783,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5331,58 +6852,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5391,7 +6901,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5399,89 +6909,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { 
"vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5491,58 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5559,89 +7031,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", 
"upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5651,59 +7100,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5712,7 +7149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5720,135 +7157,110 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": 
[], - "risk": 0.006400000000000001 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5856,24 +7268,18 @@ ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } 
@@ -5888,27 +7294,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } 
@@ -5917,43 +7323,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "systemd" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -5963,64 +7363,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], 
"cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -6029,7 +7410,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6037,27 +7418,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -6066,35 +7447,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", 
- "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6102,59 +7496,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 
0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6169,27 +7551,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -6198,48 +7580,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6247,49 +7620,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6304,27 +7675,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -6333,39 +7704,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6373,56 +7749,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6430,27 +7804,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -6459,35 +7833,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6495,30 +7873,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -6526,18 +7904,18 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6552,27 +7930,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -6581,37 +7959,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "systemd" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6621,47 +7999,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6670,7 +8059,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6678,64 +8067,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6743,47 +8168,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6798,27 +8236,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } 
@@ -6827,48 +8265,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6876,47 +8305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -6931,68 +8373,96 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7000,47 +8470,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7055,73 +8538,91 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7129,47 +8630,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7184,66 +8698,89 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], - "language": "", - "licenses": [], + "language": "", + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": 
"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7253,47 +8790,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00245 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7310,115 +8845,167 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-27587", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-27587", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0023000000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27587", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/issues/24253", - "https://minerva.crocs.fi.muni.cz" - ], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7440,8 +9027,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-27587", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], @@ -7507,8 +9097,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7574,8 +9164,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7656,8 +9246,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7723,8 +9313,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
@@ -7773,7 +9363,113 @@ { "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -7782,10 +9478,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -7800,9 +9500,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7818,7 +9518,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { 
@@ -7850,9 +9550,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7927,8 +9627,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -7982,8 +9682,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8060,116 +9760,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - 
"namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -8183,8 +9773,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8224,8 +9822,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -8278,130 +9884,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -8552,7 +10034,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -8664,6 +10146,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -8724,92 +10209,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.1.2.md b/docs/security/oss/grype-4.1.2.md index 04e9e16..41a6d3d 100644 --- a/docs/security/oss/grype-4.1.2.md +++ b/docs/security/oss/grype-4.1.2.md 
@@ -5,21 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | 
| fluent-bit | 4.1.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | 
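Review bot: The new `libssl3 | 3.0.17-1~deb12u3 | CVE-2025-15467 | Critical` row at the top of this table does not say that a fix already exists. The grype-4.2.0.json hunk later in this commit reports the same package version with fix state `fixed`, suggested version `3.0.18-1~deb12u2` and advisory DSA-6113-1. The table has no fixed-version column, so a reader cannot tell this row apart from findings that have no fix; I would add a `Fixed In` column, or a sentence above the table naming `3.0.18-1~deb12u2`. This commit only refreshes the reports, so the scanned images presumably still ship the vulnerable OpenSSL until they are rebuilt on the updated package. The CVE description limits exposure to parsing untrusted CMS or PKCS#7 content, so it is worth recording on the triaged-vulnerabilities page linked above the table whether fluent-bit reaches that parser.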
@@ -27,24 +36,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | 
libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | 
@@ -58,10 +61,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | 
[CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.2.0.json b/docs/security/oss/grype-4.2.0.json index 226d23b..7b9bd3b 100644 --- a/docs/security/oss/grype-4.2.0.json +++ b/docs/security/oss/grype-4.2.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80516, - "date": "2026-01-26" + "percentile": 0.80612, + "date": "2026-02-02" } ], "cwes": [ 
@@ -189,6 +189,186 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:12", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -201,9 +381,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -219,7 +399,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -336,9 +516,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -413,8 +593,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -467,8 +647,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -533,25 +713,25 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -561,60 +741,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.1038 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "cve": "CVE-2025-0725", + "epss": 0.02076, + "percentile": 0.83646, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", + "cve": "CVE-2025-0725", + "cwe": "CWE-120", "source": "nvd@nist.gov", "type": "Primary" } @@ -631,27 +802,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -660,46 +831,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-20796", - 
"epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", + "cve": "CVE-2017-17740", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -709,21 +871,169 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0746 + "risk": 0.08215 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.8165, + "date": "2026-02-02" + } + ], + "cwes": [ + { + 
"cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openldap", + "version": "2.5.13+dfsg-5" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "namespace": "debian:distro:debian:12", + "severity": 
"Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80782, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0746 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { @@ -755,8 +1065,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -850,8 +1160,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -910,8 +1220,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -995,8 +1305,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1055,8 +1365,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1131,8 +1441,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1191,8 +1501,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1272,8 +1582,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1332,8 +1642,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1397,90 +1707,106 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.061950000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -1495,43 +1821,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } 
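Review bot: The match added here for CVE-2025-69420 carries `"versionConstraint": "< 3.0.18-1~deb12u2 (deb)"` and `"suggestedVersion": "3.0.18-1~deb12u2"`, while the scanned `libssl3` artifact is still `3.0.17-1~deb12u3`. Unlike the `not-fixed` / `wont-fix` entries around it, this refresh therefore records a finding that already has a published fix (the preceding hunk lists `"state": "fixed"` and DSA-6113-1). The same holds for the CVE-2026-22796 entry added in the `@@ -1965,81 +2169,113 @@` and `@@ -2047,137 +2283,170 @@` hunks, which points at the same package and fixed version. The image should be rebuilt against the fixed openssl package and the report regenerated, rather than only committing the new scan output. A pipeline check that fails when any match has `fix.state` equal to `fixed` would stop such entries from landing as documentation only. For triage, the Debian-namespace severity of `High` sits next to an upstream description that says the issue was assessed as Low, so the denial-of-service impact stated there is the better guide to urgency.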
@@ -1539,16 +1868,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -1578,9 +1909,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ], "fix": { @@ -1588,7 +1919,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.048924999999999996 + "risk": 0.06283 }, "relatedVulnerabilities": [ { @@ -1622,9 +1953,9 @@ "epss": [ { "cve": "CVE-2025-10148", - "epss": 0.00095, - "percentile": 0.2676, - "date": "2026-01-26" + "epss": 0.00122, + "percentile": 0.31772, + "date": "2026-02-02" } ] } 
@@ -1680,155 +2011,25 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0452 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" - ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "metrics": { - "baseScore": 7.3, - 
"exploitabilityScore": 3.9, - "impactScore": 3.4 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75256, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-0725", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -1838,29 +2039,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, 
@@ -1868,7 +2072,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1879,16 +2083,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -1911,7 +2115,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } 
@@ -1965,81 +2169,113 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.04125 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. 
The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. 
For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2047,137 +2283,170 @@ "version": "12" }, "package": { - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "48b70e4d102cdd4b", - "name": "libtasn1-6", - "version": "4.19.0-2+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libtasn1-6", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. 
UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. 
This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. 
While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 7.4, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2193,132 +2462,152 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - 
"name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03899999999999999 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2339,7 +2628,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } 
@@ -2393,87 +2682,88 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", 
"severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17141, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", + 
"cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } @@ -2490,27 +2780,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } 
@@ -2519,99 +2809,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0323 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } 
@@ -2626,78 +2926,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" 
+ "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2708,15 +2992,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2727,25 +3011,25 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.03075 + "risk": 0.03899999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2756,15 +3040,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" 
@@ -2788,7 +3072,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } 
@@ -2842,134 +3126,85 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { 
- "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "" }, "advisories": [], - "risk": 0.02013 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.2.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" 
- }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "98f5fa2eeb129470", + "name": "fluent-bit", + "version": "4.2.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -2978,37 +3213,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.0", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3018,32 +3249,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01855 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3051,16 +3294,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", "source": "nvd@nist.gov", "type": "Primary" } @@ -3083,7 +3326,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } 
@@ -3137,21 +3380,21 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3159,17 +3402,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], 
@@ -3178,29 +3421,28 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.01854 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3208,17 +3450,17 @@ ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] 
@@ -3234,148 +3476,13 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01565 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -3429,39 +3536,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3472,7 +3579,7 @@ "state": "" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3490,7 +3597,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" 
@@ -3524,96 +3631,96 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3621,120 +3728,124 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. 
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.011100000000000002 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3742,17 +3853,17 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3760,7 +3871,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3768,127 +3879,161 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - 
"id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": 
"2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 3.1, "exploitabilityScore": 1.7, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3903,27 +4048,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } 
@@ -3932,20 +4080,1012 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + 
"https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": 
"sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + 
"https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + 
"version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. 
ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, 
+ { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. 
This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": 
"/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01235 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" + ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. 
If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2379", + "epss": 0.00247, + "percentile": 0.47803, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was 
found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], 
@@ -3955,8 +5095,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ @@ -4020,8 +5160,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "percentile": 0.44046, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4094,85 +5234,243 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0103 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 
1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, - "vendorMetadata": {} + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.0103 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" + ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": 
"nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.2.0" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "98f5fa2eeb129470", - "name": "fluent-bit", - "version": "4.2.0", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -4181,10 +5479,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { 
@@ -4200,8 +5502,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4248,8 +5550,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4284,15 +5586,15 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -4301,18 +5603,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -4333,8 +5631,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ @@ -4381,8 +5679,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ 
@@ -4417,15 +5715,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4434,9 +5732,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -4446,75 +5744,285 @@ }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code 
where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + 
"suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. 
In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0103 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4529,71 +6037,90 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4603,45 +6130,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4658,68 +6199,93 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": 
"CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4727,56 +6293,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42538, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } 
@@ -4791,27 +6367,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4820,39 +6396,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4860,67 +6442,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -4928,98 +6516,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5029,29 +6581,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5060,10 +6611,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, + "baseScore": 1.9, + "exploitabilityScore": 3.4, "impactScore": 2.9 }, "vendorMetadata": {} 
@@ -5071,16 +6622,16 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } @@ -5097,27 +6648,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } 
@@ -5126,37 +6677,46 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "gcc-12" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5166,58 +6726,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5234,94 +6783,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5331,58 +6852,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31438", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5391,7 +6901,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5399,89 +6909,62 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", - "upstreams": [ - { - "name": "gcc-12" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { 
"vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5491,58 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00775 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.00155, - "percentile": 0.3659, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5559,89 +7031,66 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libsystemd0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", 
"upstreams": [ { - "name": "gcc-12" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5651,59 +7100,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5712,7 +7149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5720,135 +7157,110 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": 
[], - "risk": 0.006400000000000001 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5856,24 +7268,18 @@ ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } 
@@ -5888,27 +7294,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gnutls28", + "version": "3.7.9-2+deb12u5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2025-9820", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "5458fd103c1e4fd3", + "name": "libgnutls30", + "version": "3.7.9-2+deb12u5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgnutls30", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30", "annotations": { "evidence": "primary" } 
@@ -5917,43 +7323,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", "upstreams": [ { - "name": "systemd" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -5963,64 +7363,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], 
"cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -6029,7 +7410,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6037,27 +7418,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -6066,35 +7447,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", 
- "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6102,59 +7496,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 
0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6169,27 +7551,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -6198,48 +7580,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6247,49 +7620,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6304,27 +7675,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -6333,39 +7704,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6373,56 +7749,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": 
"CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6430,27 +7804,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -6459,35 +7833,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -6495,30 +7873,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} 
@@ -6526,18 +7904,18 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6552,27 +7930,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } 
@@ -6581,37 +7959,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "systemd" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -6621,47 +7999,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -6670,7 +8059,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -6678,64 +8067,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6743,47 +8168,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6798,27 +8236,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } 
@@ -6827,48 +8265,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ 
{ - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -6876,47 +8305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -6931,68 +8373,96 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + 
"cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7000,47 +8470,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7055,73 +8538,91 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -7129,47 +8630,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0025 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15383, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": 
"CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7184,66 +8698,89 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], - "language": "", - "licenses": [], + "language": "", + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": 
"pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "krb5" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7253,47 +8790,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00245 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-27587", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/openssl/openssl/issues/24253", + "https://minerva.crocs.fi.muni.cz" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-27587", + "epss": 0.00046, + "percentile": 0.13877, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2025-27587", + "cwe": "CWE-385", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -7310,115 +8845,167 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-27587", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-27587", - "dataSource": 
"https://security-tracker.debian.org/tracker/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0023000000000000004 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27587", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/issues/24253", - "https://minerva.crocs.fi.muni.cz" - ], - "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27587", - "epss": 0.00046, - "percentile": 0.13923, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-27587", - "cwe": "CWE-385", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -7440,8 +9027,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-27587", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], @@ -7507,8 +9097,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7574,8 +9164,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7656,8 +9246,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -7723,8 +9313,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
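Review bot: The refreshed report now lists a finding whose fix is already published. The CVE-2025-69418 entry added in the hunk at `@@ -7310,115 +8845,167 @@` records `"state": "fixed"` with version `3.0.18-1~deb12u2` and advisory DSA-6113-1, and the next hunk's `matchDetails` adds `"suggestedVersion": "3.0.18-1~deb12u2"`. The libssl3 artifact shown in the same hunk is still at `3.0.17-1~deb12u3`, so the scanned image appears to predate the Debian update. This is inferred, because the package matched for this entry sits in context lines outside the hunks. Rebuilding the image on the updated base and regenerating the report would clear it; the description limits the flaw to direct callers of `CRYPTO_ocb128_encrypt()`/`CRYPTO_ocb128_decrypt()`, so if the upgrade is deferred, that reasoning belongs in an accompanying triage note, since strict JSON cannot carry it inline.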
@@ -7773,7 +9363,113 @@ { "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -7782,10 +9478,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -7800,9 +9500,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7818,7 +9518,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { 
@@ -7850,9 +9550,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -7927,8 +9627,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -7982,8 +9682,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -8060,116 +9760,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - 
"namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -8183,8 +9773,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8224,8 +9822,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -8278,130 +9884,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "gnutls28", - "version": "3.7.9-2+deb12u5" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5458fd103c1e4fd3", - "name": "libgnutls30", - "version": "3.7.9-2+deb12u5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30:libgnutls30:3.7.9-2\\+deb12u5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30@3.7.9-2%2Bdeb12u5?arch=amd64&distro=debian-12&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -8552,7 +10034,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -8664,6 +10146,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -8724,92 +10209,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.2.0.md b/docs/security/oss/grype-4.2.0.md index f1c9590..01139ec 100644 --- a/docs/security/oss/grype-4.2.0.md +++ b/docs/security/oss/grype-4.2.0.md 
@@ -5,21 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | 
| fluent-bit | 4.2.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | 
@@ -27,24 +36,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | 
libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | 
@@ -58,10 +61,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | 
[CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.2.1.json b/docs/security/oss/grype-4.2.1.json index 27322be..2cf3270 100644 --- a/docs/security/oss/grype-4.2.1.json +++ b/docs/security/oss/grype-4.2.1.json 
@@ -1,5 +1,185 @@ { "matches": [ + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:13", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -12,9 +192,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -30,7 +210,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -147,9 +327,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -224,8 +404,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -278,8 +458,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -346,8 +526,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ @@ -409,8 +589,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ @@ -485,8 +665,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -548,8 +728,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -673,8 +853,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -733,8 +913,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -818,8 +998,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -878,8 +1058,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -954,8 +1134,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1014,8 +1194,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1095,8 +1275,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1155,8 +1335,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1218,6 +1398,185 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed 
TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": 
"3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010025", @@ -1231,8 +1590,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ @@ -1294,8 +1653,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1408,27 +1767,385 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" - } - ], - "cwes": [ + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. 
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the 
signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": 
"13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. 
Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of 
Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": 
"CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + 
"description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1479,8 +2196,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ @@ -1617,8 +2334,16 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1659,8 +2384,16 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1741,8 +2474,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ @@ -1797,8 +2530,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ @@ -1889,8 +2622,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1937,8 +2670,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
@@ -2051,96 +2784,202 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + 
} + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-66199", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs. This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. 
Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks. Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.0327 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. 
No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-66199", + "cwe": "CWE-789", 
+ "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2148,39 +2987,67 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { 
@@ -2196,8 +3063,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ @@ -2260,8 +3127,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ 
@@ -2374,21 +3241,21 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. 
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2396,47 +3263,59 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03075 + "risk": 0.032155 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2444,17 +3323,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2470,43 +3349,46 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" - } + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", "annotations": { "evidence": "supporting" } 
@@ -2514,277 +3396,110 @@ ], "language": "", "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "17.7-0+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + 
"http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] } ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 
17.7-0+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "17.7-0+deb13u1" - } - } - ], - "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01855 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], "matchDetails": [ { "type": "exact-indirect-match", @@ -2801,7 +3516,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -2885,124 +3600,85 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.01854 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14819", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-14819", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" - ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" - }, - "namespace": "debian:distro:debian:13" + "name": "fluent-bit", + "version": "4.2.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": 
"2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", - "type": "deb", + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -3011,31 +3687,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -3043,32 +3723,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3076,40 +3755,36 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3117,46 +3792,1145 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "libgcrypt20", + "version": "1.11.0-7" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. 
The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": 
"/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:13", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.02013 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12817/" + ], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "postgresql-17", + "version": "17.6-0+deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" + } + } + ], + "artifact": { + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "upstreams": [ + { + "name": "postgresql-17" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "The glob 
implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + 
"source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. 
Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer 
token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + 
"source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": 
"/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. 
page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. 
The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": 
"/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", 
@@ -3195,35 +4969,298 @@ "public-domain" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "libldap in certain third-party OpenLDAP 
packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44046, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0108 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). 
This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44046, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openldap", + "version": "2.6.10+dfsg-1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2020-15719", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libldap2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "glibc" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": 
"nvd:cpe", + "id": "CVE-2025-13034", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "namespace": "debian:distro:debian:13", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3231,61 +5268,101 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04279, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2025-13034", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.010355000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13034", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-13034.html", + "https://curl.se/docs/CVE-2025-13034.json" + ], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. 
To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04279, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.1" - } + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-13034", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + 
"accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } 
@@ -3294,97 +5371,87 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may 
result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -3399,117 +5466,77 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - 
], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -3517,58 +5544,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": 
"CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3576,27 +5599,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -3605,96 +5628,85 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", 
- "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3711,27 +5723,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -3740,37 +5752,42 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3780,62 +5797,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). 
This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3852,27 +5852,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2020-15719", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -3881,128 +5881,212 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "namespace": "debian:distro:debian:13", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. 
It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + 
"https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.1" - } + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-13034", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. 
To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4010,47 +6094,65 @@ ], "epss": [ { - "cve": "CVE-2025-13034", - "epss": 0.00019, - "percentile": 0.04223, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13034", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.010355000000000001 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13034", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-13034.html", - "https://curl.se/docs/CVE-2025-13034.json" - ], - "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. 
To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4058,17 +6160,17 @@ ], "epss": [ { - "cve": "CVE-2025-13034", - "epss": 0.00019, - "percentile": 0.04223, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13034", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4084,116 +6186,176 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-13034", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": 
"curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-11187", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. 
OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - 
"description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4208,75 +6370,90 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4286,45 +6463,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4341,68 +6532,123 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + 
"public-domain" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4410,25 +6656,38 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, 
@@ -4439,18 +6698,24 @@ ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4465,27 +6730,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4494,44 +6759,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4539,25 +6805,38 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, 
@@ -4568,25 +6847,31 @@ ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4594,27 +6879,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } 
@@ -4623,37 +6908,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4663,31 +6944,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} }, 
@@ -4695,27 +6974,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4732,123 +7011,68 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + 
"licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "glibc" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { 
@@ -4856,20 +7080,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4882,40 +7107,22 @@ "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } @@ -4936,7 +7143,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } 
@@ -4971,33 +7178,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { 
@@ -5005,20 +7206,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -5031,40 +7233,22 @@ "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } @@ -5085,7 +7269,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } 
@@ -5116,25 +7300,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5144,57 +7328,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5211,27 +7385,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -5240,36 +7414,36 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", + "cve": "CVE-2023-31439", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" 
@@ -5280,21 +7454,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -5311,15 +7485,15 @@ ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", + "cve": "CVE-2023-31439", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -5329,7 +7503,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5343,21 +7517,21 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", + "id": "8105926f22d394d9", + "name": "systemd", "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } 
@@ -5366,70 +7540,90 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", - "upstreams": [ - { - "name": "systemd" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.005 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": 
"An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5437,17 +7631,17 @@ ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5455,7 +7649,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5463,27 +7657,30 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } 
@@ -5492,35 +7689,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5528,49 +7729,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5585,27 +7784,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -5614,39 +7813,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5654,56 +7862,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5711,27 +7917,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5740,10 +7946,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { @@ -5759,8 +7969,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5807,8 +8017,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ 
@@ -5843,15 +8053,15 @@ } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5860,18 +8070,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -5892,8 +8098,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5940,8 +8146,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5976,15 +8182,15 @@ } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5993,9 +8199,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -6005,25 +8211,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -6033,45 +8239,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -6088,27 +8296,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } 
@@ -6117,73 +8325,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-15469", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15469", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. 
Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], + ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.002625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6191,17 +8417,17 @@ ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -6217,117 +8443,170 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + 
"name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.00245 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" - ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + 
"https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -6343,41 +8622,65 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": 
"curl" + "name": "openssl" } ] } @@ -6395,8 +8698,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6462,8 +8765,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6544,8 +8847,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6611,8 +8914,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
@@ -6676,6 +8979,116 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + 
"namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-15079", @@ -6688,9 +9101,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -6706,7 +9119,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { @@ -6738,9 +9151,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -6815,8 +9228,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -6870,8 +9283,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -6939,116 +9352,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" - }, - 
"namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -7062,8 +9365,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7103,8 +9414,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7157,142 +9476,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -7453,7 +9636,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -7565,6 +9748,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -7625,92 +9811,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.2.1.md b/docs/security/oss/grype-4.2.1.md index 3fdc67b..1022470 100644 --- a/docs/security/oss/grype-4.2.1.md +++ b/docs/security/oss/grype-4.2.1.md 
@@ -5,17 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium | | fluent-bit | 
4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Medium | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | 
@@ -27,8 +39,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | | libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | 
@@ -52,7 +64,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | diff --git a/docs/security/oss/grype-4.2.2.json b/docs/security/oss/grype-4.2.2.json index e3acc51..0d312de 100644 --- a/docs/security/oss/grype-4.2.2.json +++ b/docs/security/oss/grype-4.2.2.json 
@@ -1,5 +1,185 @@ { "matches": [ + { + "vulnerability": { + "id": "CVE-2025-15467", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15467", + "namespace": "debian:distro:debian:13", + "severity": "Critical", + "urls": [], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.36378000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15467", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://openssl-library.org/news/secadv/20260127.txt", + "http://www.openwall.com/lists/oss-security/2026/01/27/10" + ], + "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing 
CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15467", + "epss": 0.00387, + "percentile": 0.59412, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15467", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15467", + 
"versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2011-3389", @@ -12,9 +192,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ @@ -30,7 +210,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.21190000000000003 + "risk": 0.3419500000000001 }, "relatedVulnerabilities": [ { @@ -147,9 +327,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04238, - "percentile": 0.88476, - "date": "2026-01-26" + "epss": 0.06839, + "percentile": 0.91173, + "date": "2026-02-02" } ], "cwes": [ 
@@ -224,8 +404,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ], "fix": { @@ -278,8 +458,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86054, - "date": "2026-01-26" + "percentile": 0.86138, + "date": "2026-02-02" } ] } @@ -346,8 +526,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ @@ -409,8 +589,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81568, - "date": "2026-01-26" + "percentile": 0.8165, + "date": "2026-02-02" } ], "cwes": [ @@ -485,8 +665,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -548,8 +728,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80688, - "date": "2026-01-26" + "percentile": 0.80782, + "date": "2026-02-02" } ], "cwes": [ @@ -673,8 +853,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -733,8 +913,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -818,8 +998,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -878,8 +1058,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -954,8 +1134,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1014,8 +1194,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1095,8 +1275,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ @@ -1155,8 +1335,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80649, - "date": "2026-01-26" + "percentile": 0.80743, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1218,6 +1398,185 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0645 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed 
TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69420", + "epss": 0.00086, + "percentile": 0.24975, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": 
"3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010025", @@ -1231,8 +1590,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ @@ -1294,8 +1653,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78852, - "date": "2026-01-26" + "percentile": 0.78954, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1408,27 +1767,385 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" - } - ], - "cwes": [ + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. 
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.044805000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: A type confusion vulnerability exists in the 
signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22796", + "epss": 0.00087, + "percentile": 0.25109, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": 
"13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. 
Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. 
OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.042465 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of 
Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00057, + "percentile": 0.17852, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": 
"CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + 
"description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74374, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1479,8 +2196,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74244, - "date": "2026-01-26" + "percentile": 0.74374, + "date": "2026-02-02" } ], "cwes": [ @@ -1617,8 +2334,16 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1659,8 +2384,16 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17164, - "date": "2026-01-26" + "percentile": 0.17141, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1741,8 +2474,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ @@ -1797,8 +2530,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22562, - "date": "2026-01-26" + "percentile": 0.225, + "date": "2026-02-02" } ], "cwes": [ @@ -1889,8 +2622,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
@@ -1937,8 +2670,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00052, - "percentile": 0.16409, - "date": "2026-01-26" + "percentile": 0.16371, + "date": "2026-02-02" } ], "cwes": [ 
@@ -2051,96 +2784,202 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21727, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.037275 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + 
} + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-66199", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-66199", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs. This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. 
Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks. Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.033100000000000004 + "risk": 0.0327 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - 
"https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. 
No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00662, - "percentile": 0.70627, - "date": "2026-01-26" + "cve": "CVE-2025-66199", + "epss": 0.0006, + "percentile": 0.18825, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-66199", + "cwe": "CWE-789", 
+ "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -2148,39 +2987,67 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { 
@@ -2196,8 +3063,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ @@ -2260,8 +3127,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70177, - "date": "2026-01-26" + "percentile": 0.70325, + "date": "2026-02-02" } ], "cwes": [ 
@@ -2374,21 +3241,21 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15468", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. 
OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -2396,47 +3263,59 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03075 + "risk": 0.032155 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15468", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65", + "https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2", + "https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4", + "https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown 
cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2444,17 +3323,17 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12162, - "date": "2026-01-26" + "cve": "CVE-2025-15468", + "epss": 0.00059, + "percentile": 0.18301, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0915", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-15468", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -2470,43 +3349,46 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0915", - "versionConstraint": "none (unknown)" - } + "vulnerabilityID": "CVE-2025-15468", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", "annotations": { "evidence": "supporting" } 
@@ -2514,277 +3396,110 @@ ], "language": "", "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "17.7-0+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + 
"http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20512, - "date": "2026-01-26" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12106, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] } ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 
17.7-0+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "17.7-0+deb13u1" - } - } - ], - "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01855 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" - ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00371, - "percentile": 0.58366, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], "matchDetails": [ { "type": "exact-indirect-match", @@ -2801,7 +3516,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } 
@@ -2885,124 +3600,85 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16667, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.01854 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14819", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-14819", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" - ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14819", - "epss": 0.00036, - "percentile": 0.10383, - "date": "2026-01-26" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" - }, - "namespace": "debian:distro:debian:13" + "name": "fluent-bit", + "version": "4.2.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14819", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": 
"2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", - "type": "deb", + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } 
@@ -3011,31 +3687,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -3043,32 +3723,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01565 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3076,40 +3755,36 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00313, - "percentile": 0.54016, - "date": "2026-01-26" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66183, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -3117,46 +3792,1145 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "libgcrypt20", + "version": "1.11.0-7" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. 
The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.024000000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. 
For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00032, + "percentile": 0.08868, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": 
"/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:13", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] + }, + "advisories": [], + "risk": 0.02013 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12817/" + ], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. 
Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20433, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "postgresql-17", + "version": "17.6-0+deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" + } + } + ], + "artifact": { + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "upstreams": [ + { + "name": "postgresql-17" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "The glob 
implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.5989, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + 
"source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": 
"pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. 
Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10314, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer 
token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.015965 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + 
"source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54168, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": 
"/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. 
page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. 
The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02667, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": 
"/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", 
@@ -3195,35 +4969,298 @@ "public-domain" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44652, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "libldap in certain third-party OpenLDAP 
packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44046, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0108 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). 
This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44046, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openldap", + "version": "2.6.10+dfsg-1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2020-15719", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libldap2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "glibc" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": 
"nvd:cpe", + "id": "CVE-2025-13034", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "namespace": "debian:distro:debian:13", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -3231,61 +5268,101 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00026, - "percentile": 0.06791, - "date": "2026-01-26" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04279, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", + "cve": "CVE-2025-13034", + "cwe": "CWE-295", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.013649999999999999 + "risk": 0.010355000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13034", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-13034.html", + "https://curl.se/docs/CVE-2025-13034.json" + ], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. 
To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04279, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.2" - } + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-13034", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + 
"accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } 
@@ -3294,97 +5371,87 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. 
due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.012720000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may 
result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", - "epss": 0.00016, - "percentile": 0.02554, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -3399,117 +5466,77 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - 
], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { 
@@ -3517,58 +5544,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44546, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": 
"CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3576,27 +5599,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } 
@@ -3605,96 +5628,85 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.010815000000000002 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", 
- "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14524.html", - "https://curl.se/docs/CVE-2025-14524.json", - "https://hackerone.com/reports/3459417", - "http://www.openwall.com/lists/oss-security/2026/01/07/4" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14524", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-14524", - "cwe": "CWE-601", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3711,27 +5723,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } 
@@ -3740,37 +5752,42 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3780,62 +5797,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). 
This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.43945, - "date": "2026-01-26" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42957, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -3852,27 +5852,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2020-15719", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } 
@@ -3881,128 +5881,212 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", + "namespace": "debian:distro:debian:13", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. 
It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04388, - "date": "2026-01-26" + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00945 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + 
"https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. 
For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22795", + "epss": 0.00018, + "percentile": 0.03676, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.2" - } + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": 
"sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-13034", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:13", "severity": "Medium", "urls": [], - "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. 
To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} 
@@ -4010,47 +6094,65 @@ ], "epss": [ { - "cve": "CVE-2025-13034", - "epss": 0.00019, - "percentile": 0.04223, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13034", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.010355000000000001 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00679 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13034", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-13034.html", - "https://curl.se/docs/CVE-2025-13034.json" - ], - "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. 
To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. 
For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4058,17 +6160,17 @@ ], "epss": [ { - "cve": "CVE-2025-13034", - "epss": 0.00019, - "percentile": 0.04223, - "date": "2026-01-26" + "cve": "CVE-2025-68160", + "epss": 0.00014, + "percentile": 0.01943, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-13034", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -4084,116 +6186,176 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-13034", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": 
"curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-11187", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. 
OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.006659999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - 
"description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. 
For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2025-11187", + "epss": 0.00012, + "percentile": 0.01496, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } 
@@ -4208,75 +6370,90 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - 
"cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4286,45 +6463,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.33145, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4341,68 +6532,123 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + 
"public-domain" + ], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4410,25 +6656,38 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, 
@@ -4439,18 +6698,24 @@ ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4465,27 +6730,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -4494,44 +6759,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -4539,25 +6805,38 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, 
@@ -4568,25 +6847,31 @@ ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.42858, - "date": "2026-01-26" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.326, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4594,27 +6879,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } 
@@ -4623,37 +6908,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4663,31 +6944,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} }, 
@@ -4695,27 +6974,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.33166, - "date": "2026-01-26" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.31889, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -4732,123 +7011,68 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + 
"licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "glibc" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { 
@@ -4856,20 +7080,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -4882,40 +7107,22 @@ "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } @@ -4936,7 +7143,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } 
@@ -4971,33 +7178,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { 
@@ -5005,20 +7206,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", 
@@ -5031,40 +7233,22 @@ "impactScore": 1.5 }, "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32621, - "date": "2026-01-26" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28103, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31437", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } @@ -5085,7 +7269,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } 
@@ -5116,25 +7300,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } 
@@ -5144,57 +7328,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.3191, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -5211,27 +7385,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } 
@@ -5240,36 +7414,36 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", + "cve": "CVE-2023-31439", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" 
@@ -5280,21 +7454,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -5311,15 +7485,15 @@ ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26563, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", + "cve": "CVE-2023-31439", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -5329,7 +7503,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5343,21 +7517,21 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", + "id": "8105926f22d394d9", + "name": "systemd", "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } 
@@ -5366,70 +7540,90 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", - "upstreams": [ - { - "name": "systemd" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.005 + "risk": 0.0045000000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": 
"An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 4, + "exploitabilityScore": 2.6, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5437,17 +7631,17 @@ ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28173, - "date": "2026-01-26" + "cve": "CVE-2025-9820", + "epss": 0.0001, + "percentile": 0.0096, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5455,7 +7649,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5463,27 +7657,30 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } 
@@ -5492,35 +7689,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5528,49 +7729,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5585,27 +7784,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } 
@@ -5614,39 +7813,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "systemd" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { 
@@ -5654,56 +7862,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. 
NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26624, - "date": "2026-01-26" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2023-31439", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { 
@@ -5711,27 +7917,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5740,10 +7946,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { @@ -5759,8 +7969,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5807,8 +8017,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ 
@@ -5843,15 +8053,15 @@ } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5860,18 +8070,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -5892,8 +8098,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5940,8 +8146,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "percentile": 0.19336, + "date": "2026-02-02" } ], "cwes": [ @@ -5976,15 +8182,15 @@ } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5993,9 +8199,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" 
@@ -6005,25 +8211,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -6033,45 +8239,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.0029500000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15224", + "epss": 0.00059, + "percentile": 0.18384, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } 
@@ -6088,27 +8296,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } 
@@ -6117,73 +8325,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-15469", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15469", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. 
Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], + ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0031000000000000003 + "risk": 0.002625 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15469", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f", + "https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input\ndata to 16MB when using one-shot signing algorithms and reports success instead\nof an error.\n\nImpact summary: A user signing or verifying files larger than 16MB with\none-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire\nfile is authenticated while trailing data beyond 16MB remains unauthenticated.\n\nWhen the 'openssl dgst' command is used with algorithms that only support\none-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input\nis buffered with a 16MB limit. If the input exceeds this limit, the tool\nsilently truncates to the first 16MB and continues without signaling an error,\ncontrary to what the documentation states. This creates an integrity gap where\ntrailing bytes can be modified without detection if both signing and\nverification are performed using the same affected codepath.\n\nThe issue affects only the command-line tool behavior. Verifiers that process\nthe full message using library APIs will reject the signature, so the risk\nprimarily affects workflows that both sign and verify with the affected\n'openssl dgst' command. 
Streaming digest algorithms for 'openssl dgst' and\nlibrary users are unaffected.\n\nThe FIPS modules in 3.5 and 3.6 are not affected by this issue, as the\ncommand-line tools are outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.5 and 3.6 are vulnerable to this issue.\n\nOpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6191,17 +8417,17 @@ ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00062, - "percentile": 0.19383, - "date": "2026-01-26" + "cve": "CVE-2025-15469", + "epss": 0.00005, + "percentile": 0.00197, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-15469", + "cwe": "CWE-347", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -6217,117 +8443,170 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15469", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "krb5" + 
"name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-69418", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69418", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", - "cvss": [], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.00245 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.0022500000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" - ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + 
"https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00049, - "percentile": 0.15349, - "date": "2026-01-26" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.002, + "date": "2026-02-02" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] 
@@ -6343,41 +8622,65 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": 
"curl" + "name": "openssl" } ] } @@ -6395,8 +8698,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6462,8 +8765,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6544,8 +8847,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ @@ -6611,8 +8914,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12551, - "date": "2026-01-26" + "percentile": 0.12498, + "date": "2026-02-02" } ], "cwes": [ 
@@ -6676,6 +8979,116 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00195 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00039, + "percentile": 0.11456, + "date": "2026-02-02" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "curl", + "version": "8.14.1-2+deb13u2" + }, + 
"namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-10966", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-15079", @@ -6688,9 +9101,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -6706,7 +9119,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0010500000000000002 + "risk": 0.0015500000000000002 }, "relatedVulnerabilities": [ { @@ -6738,9 +9151,9 @@ "epss": [ { "cve": "CVE-2025-15079", - "epss": 0.00021, - "percentile": 0.04574, - "date": "2026-01-26" + "epss": 0.00031, + "percentile": 0.08601, + "date": "2026-02-02" } ], "cwes": [ @@ -6815,8 +9228,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ @@ -6870,8 +9283,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03832, - "date": "2026-01-26" + "percentile": 0.03893, + "date": "2026-02-02" } ], "cwes": [ 
@@ -6939,116 +9352,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0007499999999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" - ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.02272, - "date": "2026-01-26" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" - }, - 
"namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-10966", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, { "vulnerability": { "id": "CVE-2025-14017", @@ -7062,8 +9365,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7103,8 +9414,16 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00357, - "date": "2026-01-26" + "percentile": 0.00378, + "date": "2026-02-02" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } 
@@ -7157,142 +9476,6 @@ } ] } - }, - { - "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" - ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. 
As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "cwes": [ - { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } } ], "source": { @@ -7453,7 +9636,7 @@ }, "descriptor": { "name": "grype", - "version": "0.106.0", + "version": "0.107.1", "configuration": { "output": [ "json" @@ -7565,6 +9748,9 @@ "rust": { "using-cpes": false }, + "hex": { + "using-cpes": false + }, "stock": { "using-cpes": true }, 
@@ -7625,92 +9811,100 @@ }, "db": { "status": { - "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", - "built": "2026-01-27T06:17:59Z", + "schemaVersion": "v6.1.4", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-03T00:34:51Z_1770100162.tar.zst?checksum=sha256%3A891ca127fe86b96cc5189987a98f79294d94100ac1fb04b7ee8a47c4878b3a25", + "built": "2026-02-03T06:29:22Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:828ec6b2a89fde2e" + "captured": "2026-02-03T00:35:03Z", + "input": "xxh64:3c727c0dbb6f2e47" }, "alpine": { - "captured": "2026-01-27T00:28:12Z", - "input": "xxh64:d63d5186142e82b6" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:7866a2e9626e6f87" }, "amazon": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:b937f39bf9b948c3" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:8b40a8d039a79b9b" }, "arch": { - "captured": "2026-01-27T00:27:58Z", - "input": "xxh64:ebbc7187af1f8e94" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:cd059be2a849eaf7" }, "bitnami": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:ada8a8e06bce4e77" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:50efb5b293667846" }, "chainguard": { - "captured": "2026-01-27T00:28:03Z", - "input": "xxh64:c68f1b84143217d0" + "captured": "2026-02-03T00:34:57Z", + "input": "xxh64:26629a4194da1f51" }, "chainguard-libraries": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5f56fb987510fc1e" + "captured": "2026-02-03T00:35:01Z", + "input": "xxh64:a8c72eb8bbdd25c1" }, "debian": { - "captured": "2026-01-27T00:28:11Z", - "input": "xxh64:0da53a5e32e0aecd" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:42f87eb0e7767101" }, "echo": { - "captured": 
"2026-01-27T00:28:32Z", - "input": "xxh64:87292d30981e4b64" + "captured": "2026-02-03T00:35:07Z", + "input": "xxh64:16569042daf64190" + }, + "eol": { + "captured": "2026-02-03T00:35:08Z", + "input": "xxh64:566c385d39df94fa" }, "epss": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:2265fb49fc63caa4" + "captured": "2026-02-03T00:34:54Z", + "input": "xxh64:acba09e91d1a5ae6" }, "github": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:5d35db26069179d3" + "captured": "2026-02-03T00:35:05Z", + "input": "xxh64:6b838992184d324d" }, "kev": { - "captured": "2026-01-27T00:28:08Z", - "input": "xxh64:56da5c5188765a32" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:7a8fd72b620f6a5b" }, "mariner": { - "captured": "2026-01-27T00:28:05Z", - "input": "xxh64:5e2a84bf7e03acc0" + "captured": "2026-02-03T00:34:58Z", + "input": "xxh64:a43fa8b27211e6b7" }, "minimos": { - "captured": "2026-01-27T00:28:06Z", - "input": "xxh64:3dc73ed211de9574" + "captured": "2026-02-03T00:34:51Z", + "input": "xxh64:75702a05e4770246" }, "nvd": { - "captured": "2026-01-27T00:32:38Z", - "input": "xxh64:a5214b9aa837870e" + "captured": "2026-02-03T00:39:33Z", + "input": "xxh64:9bcd20828809f779" }, "oracle": { - "captured": "2026-01-27T00:28:01Z", - "input": "xxh64:ddbf592604bde1f5" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:0f7536fd81411d0f" }, "rhel": { - "captured": "2026-01-27T00:29:39Z", - "input": "xxh64:87c50948404afdef" + "captured": "2026-02-03T00:35:53Z", + "input": "xxh64:c31173006693bd3a" + }, + "secureos": { + "captured": "2026-02-03T00:35:06Z", + "input": "xxh64:1bb06fdb9620370e" }, "sles": { - "captured": "2026-01-27T00:28:33Z", - "input": "xxh64:06269325800dcc4d" + "captured": "2026-02-03T00:35:19Z", + "input": "xxh64:1aebce387a1df223" }, "ubuntu": { - "captured": "2026-01-27T00:30:02Z", - "input": "xxh64:78b619deea403a0f" + "captured": "2026-02-03T00:36:29Z", + "input": "xxh64:1bcf56b7621277b2" }, "wolfi": { - "captured": "2026-01-27T00:28:01Z", - 
"input": "xxh64:e454e5adcc921d23" + "captured": "2026-02-03T00:35:00Z", + "input": "xxh64:1dac564618f20a2d" } } } diff --git a/docs/security/oss/grype-4.2.2.md b/docs/security/oss/grype-4.2.2.md index 72ddf8e..1f2f99b 100644 --- a/docs/security/oss/grype-4.2.2.md +++ b/docs/security/oss/grype-4.2.2.md 
@@ -5,17 +5,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 
 | Package | Version Installed | Vulnerability ID | Severity |
 | --- | --- | --- | --- |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High |
 | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High |
 | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High |
 | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High |
 | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium |
 | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium |
-| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium |
 | fluent-bit | 4.2.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium |
-| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium |
 | fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium |
+| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium |
+| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium |
 | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium |
 | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Medium |
+| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium |
 | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low |
 | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible |
 | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible |
@@ -27,8 +39,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible |
 | libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible |
 | libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible |
-| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible |
 | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible |
+| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible |
 | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible |
 | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible |
 | libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible |
@@ -52,7 +64,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h
 | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible |
 | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible |
 | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible |
+| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible |
 | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible |
 | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible |
-| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible |
 | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible |